Windows Analysis Report
0EZ9Ho3Ruc.exe

Overview

General Information

Sample Name: 0EZ9Ho3Ruc.exe
Original Sample Name: 19F0959FE3AC2F52618FDC2E4A3FC7BE.exe
Analysis ID: 1333695
MD5: 19f0959fe3ac2f52618fdc2e4a3fc7be
SHA1: 670aec0bfa4b20b9ad42998bc1ce95a563c51f93
SHA256: f7f99750fc7f8183e760315a48d42591ab9bedfbc6c1b89c4035e1a10b9c038d
Tags: exe, RedLineStealer

Detection

RedLine
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected RedLine Stealer
Found malware configuration
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for dropped file
Snort IDS alert for network traffic
Tries to steal Crypto Currency Wallets
Yara detected Costura Assembly Loader
Machine Learning detection for sample
.NET source code contains potential unpacker
Creates files with lurking names (e.g. Crack.exe)
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Yara detected Generic Downloader
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Yara detected Credential Stealer
Contains functionality to dynamically determine API calls
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
AV process strings found (often used to terminate AV products)
Sample file is different than original file name gathered from version info
Drops PE files
Contains functionality to read the PEB
Detected TCP or UDP traffic on non-standard ports
Binary contains a suspicious time stamp
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

  • System is w10x64
  • 0EZ9Ho3Ruc.exe (PID: 7100 cmdline: C:\Users\user\Desktop\0EZ9Ho3Ruc.exe MD5: 19F0959FE3AC2F52618FDC2E4A3FC7BE)
    • VLAD SANELI.exe (PID: 6392 cmdline: "C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe" MD5: 624026B2505922E950721A6F29006C30)
    • WINChamsBPCrack.exe (PID: 6496 cmdline: "C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exe" MD5: 3B3C685EAE1F5EC6D0EFD6ED370D999C)
  • cleanup
Name: RedLine Stealer
Description: RedLine Stealer is a malware available on underground forums for sale apparently as standalone ($100/$150 depending on the version) or also on a subscription basis ($100/month). This malware harvests information from browsers such as saved credentials, autocomplete data, and credit card information. A system inventory is also taken when running on a target machine, to include details such as the username, location data, hardware configuration, and information regarding installed security software. More recent versions of RedLine added the ability to steal cryptocurrency. FTP and IM clients are also apparently targeted by this family, and this malware has the ability to upload and download files, execute commands, and periodically send back information about the infected computer.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.redline_stealer
{"C2 url": "194.190.152.148:5871", "Bot Id": "VLAD SANELI", "Message": "404", "Authorization Header": "466e0f851ecead47720073b3e83038d1"}
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security
dump.pcap | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
  • 0x3f2c0:$v2_1: ListOfProcesses
  • 0x3ee7a:$v4_3: base64str
  • 0x40f4a:$v4_4: stringKey
  • 0x3ace0:$v4_5: BytesToStringConverted
  • 0x3a118:$v4_6: FromBase64
  • 0x3b908:$v4_8: procName
  • 0x3a898:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exe | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
Source | Rule | Description | Author | Strings
00000000.00000003.1714559894.0000000000766000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
00000002.00000000.1719422132.00000241F0C72000.00000002.00000001.01000000.00000007.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
00000001.00000000.1718058455.0000000000E72000.00000002.00000001.01000000.00000005.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
00000000.00000003.1718264812.0000000002F11000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
00000002.00000002.2973535804.0000024180001000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security
Source | Rule | Description | Author | Strings
0.3.0EZ9Ho3Ruc.exe.790ec8.0.raw.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
0.3.0EZ9Ho3Ruc.exe.790ec8.0.raw.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
  • 0x3f2c0:$v2_1: ListOfProcesses
  • 0x3ee7a:$v4_3: base64str
  • 0x40f4a:$v4_4: stringKey
  • 0x3ace0:$v4_5: BytesToStringConverted
  • 0x3a118:$v4_6: FromBase64
  • 0x3b908:$v4_8: procName
  • 0x3a898:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
1.0.VLAD SANELI.exe.e70000.0.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
1.0.VLAD SANELI.exe.e70000.0.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
  • 0x3f2c0:$v2_1: ListOfProcesses
  • 0x3ee7a:$v4_3: base64str
  • 0x40f4a:$v4_4: stringKey
  • 0x3ace0:$v4_5: BytesToStringConverted
  • 0x3a118:$v4_6: FromBase64
  • 0x3b908:$v4_8: procName
  • 0x3a898:$v5_9: BCRYPT_KEY_LENGTHS_STRUCT
0.3.0EZ9Ho3Ruc.exe.790ec8.0.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
No Sigma rule has matched

Timestamp: 10/28/23-17:57:03.772338
Source IP: 192.168.2.4
Destination IP: 194.190.152.148
SID: 2046045
Source Port: 49736
Destination Port: 5871
Protocol: TCP
Classtype: A Network Trojan was detected

Timestamp: 10/28/23-17:57:04.378328
Source IP: 194.190.152.148
Destination IP: 192.168.2.4
SID: 2046056
Source Port: 5871
Destination Port: 49736
Protocol: TCP
Classtype: A Network Trojan was detected

Timestamp: 10/28/23-17:57:04.151600
Source IP: 192.168.2.4
Destination IP: 194.190.152.148
SID: 2046105
Source Port: 49736
Destination Port: 5871
Protocol: TCP
Classtype: A Network Trojan was detected

                          AV Detection

                          Source: 00000001.00000002.1778443471.00000000032C1000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: RedLine {"C2 url": "194.190.152.148:5871", "Bot Id": "VLAD SANELI", "Message": "404", "Authorization Header": "466e0f851ecead47720073b3e83038d1"}
                          Source: 0EZ9Ho3Ruc.exe | ReversingLabs: Detection: 92%
                          Source: 0EZ9Ho3Ruc.exe | Virustotal: Detection: 91%
                          Source: 0EZ9Ho3Ruc.exe | Avira: detected
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe | ReversingLabs: Detection: 91%
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe | Virustotal: Detection: 77%
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exe | ReversingLabs: Detection: 56%
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exe | Virustotal: Detection: 38%
                          Source: 0EZ9Ho3Ruc.exe | Joe Sandbox ML: detected
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe | Joe Sandbox ML: detected
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exe | Joe Sandbox ML: detected
                          Source: 0EZ9Ho3Ruc.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                          Source: Binary string: costura=costura.costura.dll.compressed=costura.costura.pdb.compressed source: WINChamsBPCrack.exe.0.dr
                          Source: Binary string: C:\Users\PC\source\repos\WINChamsBPCrack\WINChamsBPCrack\obj\Debug\WINChamsBPCrack.pdb source: WINChamsBPCrack.exe.0.dr
                          Source: Binary string: C:\projects\memory-dll\Memory\obj\x64\Debug\netstandard2.0\Memory.pdbSHA256$ source: WINChamsBPCrack.exe, 00000002.00000002.2991182694.00000241F1130000.00000004.08000000.00040000.00000000.sdmp
                          Source: Binary string: costura.costura.pdb.compressed source: WINChamsBPCrack.exe, 00000002.00000002.2973535804.0000024180001000.00000004.00000800.00020000.00000000.sdmp, WINChamsBPCrack.exe.0.dr
                          Source: Binary string: C:\projects\memory-dll\Memory\obj\x64\Debug\netstandard2.0\Memory.pdb source: WINChamsBPCrack.exe, 00000002.00000002.2991182694.00000241F1130000.00000004.08000000.00040000.00000000.sdmp
                          Source: Binary string: costura.costura.pdb.compressed|||Costura.pdb|6C6000A5EAF8579850AB82A89BD6268776EB51AD|2608 source: WINChamsBPCrack.exe.0.dr

                          Networking

                          Source: Traffic | Snort IDS: 2046045 ET TROJAN [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) 192.168.2.4:49736 -> 194.190.152.148:5871
                          Source: Traffic | Snort IDS: 2046105 ET TROJAN Redline Stealer TCP CnC Activity - MSValue (Outbound) 192.168.2.4:49736 -> 194.190.152.148:5871
                          Source: Traffic | Snort IDS: 2046056 ET TROJAN Redline Stealer Activity (Response) 194.190.152.148:5871 -> 192.168.2.4:49736
                          Source: Yara match | File source: 2.2.WINChamsBPCrack.exe.241f3440000.4.raw.unpack, type: UNPACKEDPE
                          Source: Yara match | File source: 2.2.WINChamsBPCrack.exe.24190269b58.0.raw.unpack, type: UNPACKEDPE
                          Source: Yara match | File source: 2.2.WINChamsBPCrack.exe.24190011a78.1.raw.unpack, type: UNPACKEDPE
                          Source: Yara match | File source: 00000002.00000002.2992440379.00000241F3440000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                          Source: Malware configuration extractor | URLs: 194.190.152.148:5871
                          Source: Joe Sandbox View | ASN Name: RSHB-ASRU RSHB-ASRU
                          Source: global traffic | TCP traffic: 192.168.2.4:49736 -> 194.190.152.148:5871
                          Source: unknown | TCP traffic detected without corresponding DNS query: 194.190.152.148
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.00000000032C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.00000000032C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.00000000032C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.00000000032C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.00000000032C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.00000000032C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.00000000032C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.00000000032C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.00000000032C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmp, VLAD SANELI.exe, 00000001.00000002.1778443471.00000000032C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.00000000032C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Contract/MSValue1
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmp, VLAD SANELI.exe, 00000001.00000002.1778443471.00000000032C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Contract/MSValue1Response
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Contract/MSValue1ResponseD
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.00000000032C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Contract/MSValue2
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmp, VLAD SANELI.exe, 00000001.00000002.1778443471.00000000032C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Contract/MSValue2Response
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Contract/MSValue2ResponseD
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.00000000032C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Contract/MSValue3
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmp, VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003434000.00000004.00000800.00020000.00000000.sdmp, VLAD SANELI.exe, 00000001.00000002.1778443471.00000000032C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Contract/MSValue3Response
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003434000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Contract/MSValue3ResponseD
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/D
                          Source: WINChamsBPCrack.exe, 00000002.00000002.2995688476.00000241F4872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                          Source: WINChamsBPCrack.exe, 00000002.00000002.2995688476.00000241F4872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
                          Source: WINChamsBPCrack.exe, 00000002.00000002.2995688476.00000241F4872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
                          Source: WINChamsBPCrack.exe, 00000002.00000002.2995688476.00000241F4872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                          Source: WINChamsBPCrack.exe, 00000002.00000002.2995688476.00000241F4872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                          Source: WINChamsBPCrack.exe, 00000002.00000002.2995688476.00000241F4872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                          Source: WINChamsBPCrack.exe, 00000002.00000002.2995688476.00000241F4872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                          Source: WINChamsBPCrack.exe, 00000002.00000002.2995688476.00000241F4872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                          Source: WINChamsBPCrack.exe, 00000002.00000002.2995688476.00000241F4872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                          Source: WINChamsBPCrack.exe, 00000002.00000002.2995688476.00000241F4872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                          Source: WINChamsBPCrack.exe, 00000002.00000002.2995688476.00000241F4872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
                          Source: WINChamsBPCrack.exe, 00000002.00000002.2995688476.00000241F4872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                          Source: WINChamsBPCrack.exe, 00000002.00000002.2995688476.00000241F4872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                          Source: WINChamsBPCrack.exe, 00000002.00000002.2995688476.00000241F4872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                          Source: WINChamsBPCrack.exe, 00000002.00000002.2995688476.00000241F4872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                          Source: WINChamsBPCrack.exe, 00000002.00000002.2995688476.00000241F4872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                          Source: WINChamsBPCrack.exe, 00000002.00000002.2995688476.00000241F4872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
                          Source: WINChamsBPCrack.exe, 00000002.00000002.2995688476.00000241F4872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                          Source: WINChamsBPCrack.exe, 00000002.00000002.2995688476.00000241F4872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
                          Source: WINChamsBPCrack.exe, 00000002.00000002.2995688476.00000241F4872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                          Source: WINChamsBPCrack.exe, 00000002.00000002.2995688476.00000241F4872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
                          Source: WINChamsBPCrack.exe, 00000002.00000002.2995688476.00000241F4872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                          Source: WINChamsBPCrack.exe, 00000002.00000002.2995688476.00000241F4872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
                          Source: WINChamsBPCrack.exe, 00000002.00000002.2995688476.00000241F4872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003434000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.w3.o
                          Source: WINChamsBPCrack.exe, 00000002.00000002.2995688476.00000241F4872000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmp, VLAD SANELI.exe, 00000001.00000002.1778443471.000000000392E000.00000004.00000800.00020000.00000000.sdmp, VLAD SANELI.exe, 00000001.00000002.1778443471.000000000398B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.00000000032C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb/ip
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmp, VLAD SANELI.exe, 00000001.00000002.1778443471.000000000392E000.00000004.00000800.00020000.00000000.sdmp, VLAD SANELI.exe, 00000001.00000002.1778443471.000000000398B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmp, VLAD SANELI.exe, 00000001.00000002.1778443471.000000000392E000.00000004.00000800.00020000.00000000.sdmp, VLAD SANELI.exe, 00000001.00000002.1778443471.000000000398B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmp, VLAD SANELI.exe, 00000001.00000002.1778443471.000000000392E000.00000004.00000800.00020000.00000000.sdmp, VLAD SANELI.exe, 00000001.00000002.1778443471.000000000398B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmp, VLAD SANELI.exe, 00000001.00000002.1778443471.000000000392E000.00000004.00000800.00020000.00000000.sdmp, VLAD SANELI.exe, 00000001.00000002.1778443471.000000000398B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmp, VLAD SANELI.exe, 00000001.00000002.1778443471.000000000392E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.000000000398B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtabS
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmp, VLAD SANELI.exe, 00000001.00000002.1778443471.000000000392E000.00000004.00000800.00020000.00000000.sdmp, VLAD SANELI.exe, 00000001.00000002.1778443471.000000000398B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                          Source: WINChamsBPCrack.exe, 00000002.00000002.2991182694.00000241F1130000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/erfg12/memory.dll
                          Source: WINChamsBPCrack.exe, 00000002.00000002.2991182694.00000241F1130000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/erfg12/memory.dll#
                          Source: WINChamsBPCrack.exe, 00000002.00000002.2973535804.0000024180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gunaui.com/
                          Source: WINChamsBPCrack.exe, 00000002.00000002.2973535804.0000024180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gunaui.com/api/licensing.php
                          Source: WINChamsBPCrack.exe, 00000002.00000002.2973535804.0000024180001000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gunaui.com/pricing
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmp, VLAD SANELI.exe, 00000001.00000002.1778443471.000000000392E000.00000004.00000800.00020000.00000000.sdmp, VLAD SANELI.exe, 00000001.00000002.1778443471.000000000398B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                          Source: VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmp, VLAD SANELI.exe, 00000001.00000002.1778443471.000000000392E000.00000004.00000800.00020000.00000000.sdmp, VLAD SANELI.exe, 00000001.00000002.1778443471.000000000398B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

                          System Summary

                          Source: 0.3.0EZ9Ho3Ruc.exe.790ec8.0.raw.unpack, type: UNPACKEDPE; Matched rule: Detects RedLine infostealer; Author: ditekSHen
                          Source: 1.0.VLAD SANELI.exe.e70000.0.unpack, type: UNPACKEDPE; Matched rule: Detects RedLine infostealer; Author: ditekSHen
                          Source: 0.3.0EZ9Ho3Ruc.exe.790ec8.0.unpack, type: UNPACKEDPE; Matched rule: Detects RedLine infostealer; Author: ditekSHen
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe, type: DROPPED; Matched rule: Detects RedLine infostealer; Author: ditekSHen
                          Source: C:\Users\user\Desktop\0EZ9Ho3Ruc.exe; File created: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exe
                          Source: 0EZ9Ho3Ruc.exe; Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                          Source: 0.3.0EZ9Ho3Ruc.exe.790ec8.0.raw.unpack, type: UNPACKEDPE; Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                          Source: 1.0.VLAD SANELI.exe.e70000.0.unpack, type: UNPACKEDPE; Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                          Source: 0.3.0EZ9Ho3Ruc.exe.790ec8.0.unpack, type: UNPACKEDPE; Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe, type: DROPPED; Matched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                          Source: 0EZ9Ho3Ruc.exe, 00000000.00000003.1714559894.00000000007EB000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameGenophobia.exe" vs 0EZ9Ho3Ruc.exe
                          Source: WINChamsBPCrack.exe.0.dr; Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                          Source: 0EZ9Ho3Ruc.exe; Static PE information: Section: .rsrc ZLIB complexity 0.9924066498523622
                          Source: 0EZ9Ho3Ruc.exe; ReversingLabs: Detection: 92%
                          Source: 0EZ9Ho3Ruc.exe; Virustotal: Detection: 91%
                          Source: 0EZ9Ho3Ruc.exe; Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                          Source: C:\Users\user\Desktop\0EZ9Ho3Ruc.exe; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                          Source: unknown; Process created: C:\Users\user\Desktop\0EZ9Ho3Ruc.exe C:\Users\user\Desktop\0EZ9Ho3Ruc.exe
                          Source: C:\Users\user\Desktop\0EZ9Ho3Ruc.exe; Process created: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe "C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe"
                          Source: C:\Users\user\Desktop\0EZ9Ho3Ruc.exe; Process created: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exe "C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exe"
                          Source: C:\Users\user\Desktop\0EZ9Ho3Ruc.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe File created: C:\Users\user\AppData\Local\ElevatedDiagnostics
                          Source: C:\Users\user\Desktop\0EZ9Ho3Ruc.exe File created: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe
                          Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@5/3@0/1
                          Source: C:\Users\user\Desktop\0EZ9Ho3Ruc.exe File read: C:\Users\user\Desktop\desktop.ini
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\b8493bec853ac702d2188091d76ccffa\mscorlib.ni.dll
                          Source: C:\Users\user\Desktop\0EZ9Ho3Ruc.exe Code function: 0_2_0040135A GetSystemDirectoryA,PathAddBackslashA,GetWindowsDirectoryA,GetTempPathA,GetModuleFileNameA,GetEnvironmentVariableA,FindResourceA,SizeofResource,LoadResource,LockResource,GlobalAlloc,RtlMoveMemory,GlobalAlloc,RtlMoveMemory,GlobalFree,lstrcpynA,lstrcpyA,lstrlenA,lstrcpyA,lstrlenA,lstrcpyA,lstrcatA,lstrcpyA,CreateFileA,WriteFile,HeapAlloc,WriteFile,HeapFree,CreateFileA,GetFileSize,CloseHandle,HeapAlloc,WriteFile,HeapFree,CloseHandle,FindCloseChangeNotification,GlobalFree,SetFileAttributesA,lstrcpyA,PathFindFileNameA,ShellExecuteA,FreeResource,ExitProcess,ExitProcess,0_2_0040135A
                          Source: Window Recorder Window detected: More than 3 window changes detected
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                          Source: Binary string: costura=costura.costura.dll.compressed=costura.costura.pdb.compressed source: WINChamsBPCrack.exe.0.dr
                          Source: Binary string: C:\Users\PC\source\repos\WINChamsBPCrack\WINChamsBPCrack\obj\Debug\WINChamsBPCrack.pdb source: WINChamsBPCrack.exe.0.dr
                          Source: Binary string: C:\projects\memory-dll\Memory\obj\x64\Debug\netstandard2.0\Memory.pdbSHA256$ source: WINChamsBPCrack.exe, 00000002.00000002.2991182694.00000241F1130000.00000004.08000000.00040000.00000000.sdmp
                          Source: Binary string: costura.costura.pdb.compressed source: WINChamsBPCrack.exe, 00000002.00000002.2973535804.0000024180001000.00000004.00000800.00020000.00000000.sdmp, WINChamsBPCrack.exe.0.dr
                          Source: Binary string: C:\projects\memory-dll\Memory\obj\x64\Debug\netstandard2.0\Memory.pdb source: WINChamsBPCrack.exe, 00000002.00000002.2991182694.00000241F1130000.00000004.08000000.00040000.00000000.sdmp
                          Source: Binary string: costura.costura.pdb.compressed|||Costura.pdb|6C6000A5EAF8579850AB82A89BD6268776EB51AD|2608 source: WINChamsBPCrack.exe.0.dr

                          Data Obfuscation

                          Source: Yara match File source: 2.0.WINChamsBPCrack.exe.241f0c70000.0.unpack, type: UNPACKEDPE
                          Source: Yara match File source: 00000002.00000000.1719422132.00000241F0C72000.00000002.00000001.01000000.00000007.sdmp, type: MEMORY
                          Source: Yara match File source: 00000000.00000003.1718264812.0000000002F11000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 00000002.00000002.2973535804.0000024180001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: 00000000.00000003.1718603001.0000000002FF0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match File source: Process Memory Space: WINChamsBPCrack.exe PID: 6496, type: MEMORYSTR
                          Source: Yara match File source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exe, type: DROPPED
                          Source: WINChamsBPCrack.exe.0.dr, AssemblyLoader.cs .Net Code: ReadFromEmbeddedResources System.Reflection.Assembly.Load(byte[])
                          Source: 0.3.0EZ9Ho3Ruc.exe.790ec8.0.raw.unpack, SystemExt.cs .Net Code: RaiseEvent
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exe Code function: 2_2_00007FFD9B8B6B86 push ecx; iretd 2_2_00007FFD9B8B6B87
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exe Code function: 2_2_00007FFD9B8B91FD push 691050FFh; retf 2_2_00007FFD9B8B9203
                          Source: C:\Users\user\Desktop\0EZ9Ho3Ruc.exe Code function: 0_2_004011CF LoadLibraryA,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleFileNameA,GetEnvironmentVariableA,0_2_004011CF
                          Source: VLAD SANELI.exe.0.dr Static PE information: 0xC3D33654 [Fri Feb 9 10:52:04 2074 UTC]
                          Source: initial sample Static PE information: section name: .text entropy: 7.994660029720465
                          Source: C:\Users\user\Desktop\0EZ9Ho3Ruc.exe File created: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exe
                          Source: C:\Users\user\Desktop\0EZ9Ho3Ruc.exe File created: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe
                          Source: C:\Users\user\Desktop\0EZ9Ho3Ruc.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe Process information set: NOOPENFILEERRORBOX
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exe Process information set: NOOPENFILEERRORBOX

                          Malware Analysis System Evasion

                          Source: C:\Users\user\Desktop\0EZ9Ho3Ruc.exe Evasive API call chain: GetPEB, DecisionNodes, ExitProcess graph_0-249
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe TID: 7176 Thread sleep time: -17524406870024063s >= -30000s
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe TID: 6556 Thread sleep time: -922337203685477s >= -30000s
                          Source: C:\Users\user\Desktop\0EZ9Ho3Ruc.exe Code function: 0_2_004012D9 rdtsc 0_2_004012D9
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe Thread delayed: delay time: 922337203685477
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe Window / User API: threadDelayed 829
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe Window / User API: threadDelayed 3960
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe Process information queried: ProcessInformation
                          Source: C:\Users\user\Desktop\0EZ9Ho3Ruc.exe API call chain: ExitProcess graph end node graph_0-199
                          Source: C:\Users\user\Desktop\0EZ9Ho3Ruc.exe API call chain: ExitProcess graph end node graph_0-226
                          Source: C:\Users\user\Desktop\0EZ9Ho3Ruc.exe API call chain: ExitProcess graph end node graph_0-251
                          Source: C:\Users\user\Desktop\0EZ9Ho3Ruc.exe API call chain: ExitProcess graph end node graph_0-254
                          Source: C:\Users\user\Desktop\0EZ9Ho3Ruc.exe API call chain: ExitProcess graph end node graph_0-167
                          Source: VLAD SANELI.exe, 00000001.00000002.1777892392.0000000001613000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                          Source: C:\Users\user\Desktop\0EZ9Ho3Ruc.exe Code function: 0_2_004011CF LoadLibraryA,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,GetModuleFileNameA,GetEnvironmentVariableA,0_2_004011CF
                          Source: C:\Users\user\Desktop\0EZ9Ho3Ruc.exe Code function: 0_2_00401AE1 GetCommandLineA,GetModuleHandleA,GetProcessHeap,ExitProcess,0_2_00401AE1
                          Source: C:\Users\user\Desktop\0EZ9Ho3Ruc.exe Code function: 0_2_004012D9 rdtsc 0_2_004012D9
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe Process token adjusted: Debug
                          Source: C:\Users\user\Desktop\0EZ9Ho3Ruc.exe Code function: 0_2_0040119D mov eax, dword ptr fs:[00000030h] 0_2_0040119D
                          Source: C:\Users\user\Desktop\0EZ9Ho3Ruc.exe Code function: 0_2_004011AF mov eax, dword ptr fs:[00000030h] 0_2_004011AF
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe Code function: 1_2_0972A6D8 LdrInitializeThunk,1_2_0972A6D8
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe Memory allocated: page read and write | page guard
                          Source: C:\Users\user\Desktop\0EZ9Ho3Ruc.exe Process created: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe "C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe"
                          Source: C:\Users\user\Desktop\0EZ9Ho3Ruc.exe Process created: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exe "C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exe"
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe Queries volume information: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exe VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\netstandard\v4.0_2.0.0.0__cc7b13ffcd2ddd51\netstandard.dll VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\DUBAI-LIGHT.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\flat_officeFontsPreview.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\OFFSYM.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\OFFSYMSL.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\OFFSYMSB.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\OFFSYMXL.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\OFFSYML.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe, WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe, WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe, WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe, WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe, WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe, WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                          Source: VLAD SANELI.exe, 00000001.00000002.1787432546.00000000094D0000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

                          Stealing of Sensitive Information

                          Source: Yara match, File source: dump.pcap, type: PCAP
                          Source: Yara match, File source: 0.3.0EZ9Ho3Ruc.exe.790ec8.0.raw.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 1.0.VLAD SANELI.exe.e70000.0.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 0.3.0EZ9Ho3Ruc.exe.790ec8.0.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 00000000.00000003.1714559894.0000000000766000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match, File source: 00000001.00000000.1718058455.0000000000E72000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
                          Source: Yara match, File source: 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match, File source: 00000001.00000002.1778443471.00000000032C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match, File source: Process Memory Space: VLAD SANELI.exe PID: 6392, type: MEMORYSTR
                          Source: Yara match, File source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe, type: DROPPED
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe, File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe, File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe, File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
                          Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                          Source: Yara match, File source: 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match, File source: Process Memory Space: VLAD SANELI.exe PID: 6392, type: MEMORYSTR

                          Remote Access Functionality

                          Source: Yara match, File source: dump.pcap, type: PCAP
                          Source: Yara match, File source: 0.3.0EZ9Ho3Ruc.exe.790ec8.0.raw.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 1.0.VLAD SANELI.exe.e70000.0.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 0.3.0EZ9Ho3Ruc.exe.790ec8.0.unpack, type: UNPACKEDPE
                          Source: Yara match, File source: 00000000.00000003.1714559894.0000000000766000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match, File source: 00000001.00000000.1718058455.0000000000E72000.00000002.00000001.01000000.00000005.sdmp, type: MEMORY
                          Source: Yara match, File source: 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match, File source: 00000001.00000002.1778443471.00000000032C1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                          Source: Yara match, File source: Process Memory Space: VLAD SANELI.exe PID: 6392, type: MEMORYSTR
                          Source: Yara match, File source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe, type: DROPPED
                          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                          Valid Accounts | 221 Windows Management Instrumentation | Path Interception | 11 Process Injection | 11 Masquerading | 1 OS Credential Dumping | 351 Security Software Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
                          Default Accounts | 11 Native API | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 2 Data from Local System | Exfiltration Over Bluetooth | 1 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
                          Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 231 Virtualization/Sandbox Evasion | Security Account Manager | 231 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
                          Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 11 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud
                          Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
                          Replication Through Removable Media | Launchd | Rc.common | Rc.common | 13 Software Packing | Cached Domain Credentials | 113 System Information Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
                          External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 Timestomp | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
                          Source | Detection | Scanner | Label | Link
                          0EZ9Ho3Ruc.exe | 92% | ReversingLabs | Win32.Trojan.VBinder |
                          0EZ9Ho3Ruc.exe | 92% | Virustotal | | Browse
                          0EZ9Ho3Ruc.exe | 100% | Avira | TR/Dropper.Gen |
                          0EZ9Ho3Ruc.exe | 100% | Joe Sandbox ML | |

                          Source | Detection | Scanner | Label | Link
                          C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe | 100% | Joe Sandbox ML | |
                          C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exe | 100% | Joe Sandbox ML | |
                          C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe | 91% | ReversingLabs | ByteCode-MSIL.Trojan.RedLine |
                          C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe | 78% | Virustotal | | Browse
                          C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exe | 57% | ReversingLabs | ByteCode-MSIL.Spyware.Zombie |
                          C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exe | 39% | Virustotal | | Browse
                          No Antivirus matches
                          No Antivirus matches
                          No contacted domains info
                          Name | Malicious | Antivirus Detection | Reputation
                          194.190.152.148:5871 | true | 3%, Virustotal, Browse; Avira URL Cloud: safe | unknown
                                                                                                                              http://www.founder.com.cn/cn/bTheWINChamsBPCrack.exe, 00000002.00000002.2995688476.00000241F4872000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              • 1%, Virustotal, Browse
                                                                                                                              • Avira URL Cloud: safe
                                                                                                                              unknown
                                                                                                                              http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKeyVLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionIDVLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://www.fontbureau.com/designers?WINChamsBPCrack.exe, 00000002.00000002.2995688476.00000241F4872000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCTVLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://schemas.xmlsoap.org/ws/2006/02/addressingidentityVLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://schemas.xmlsoap.org/soap/envelope/VLAD SANELI.exe, 00000001.00000002.1778443471.00000000032C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://github.com/erfg12/memory.dll#WINChamsBPCrack.exe, 00000002.00000002.2991182694.00000241F1130000.00000004.08000000.00040000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKeyVLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://www.tiro.comWINChamsBPCrack.exe, 00000002.00000002.2995688476.00000241F4872000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                • URL Reputation: safe
                                                                                                                                                unknown
                                                                                                                                                http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://tempuri.org/Contract/MSValue1VLAD SANELI.exe, 00000001.00000002.1778443471.00000000032C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  • 1%, Virustotal, Browse
                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                  unknown
                                                                                                                                                  https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmp, VLAD SANELI.exe, 00000001.00000002.1778443471.000000000392E000.00000004.00000800.00020000.00000000.sdmp, VLAD SANELI.exe, 00000001.00000002.1778443471.000000000398B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://schemas.xmlsoap.org/ws/2005/02/trustVLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://tempuri.org/Contract/MSValue2VLAD SANELI.exe, 00000001.00000002.1778443471.00000000032C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      • 4%, Virustotal, Browse
                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                      unknown
                                                                                                                                                      http://tempuri.org/Contract/MSValue3VLAD SANELI.exe, 00000001.00000002.1778443471.00000000032C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      • 1%, Virustotal, Browse
                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                      unknown
                                                                                                                                                      https://duckduckgo.com/chrome_newtabSVLAD SANELI.exe, 00000001.00000002.1778443471.000000000398B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://www.goodfont.co.krWINChamsBPCrack.exe, 00000002.00000002.2995688476.00000241F4872000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        • URL Reputation: safe
                                                                                                                                                        unknown
                                                                                                                                                        http://schemas.xmlsoap.org/ws/2004/10/wsat/RollbackVLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCTVLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://tempuri.org/DVLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            • 1%, Virustotal, Browse
                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                            unknown
                                                                                                                                                            http://schemas.xmlsoap.org/ws/2004/06/addressingexVLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://www.typography.netDWINChamsBPCrack.exe, 00000002.00000002.2995688476.00000241F4872000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              • URL Reputation: safe
                                                                                                                                                              unknown
                                                                                                                                                              http://schemas.xmlsoap.org/ws/2004/10/wscoorVLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://www.galapagosdesign.com/staff/dennis.htmWINChamsBPCrack.exe, 00000002.00000002.2995688476.00000241F4872000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                • URL Reputation: safe
                                                                                                                                                                unknown
                                                                                                                                                                http://schemas.xmlsoap.org/ws/2004/04/security/trust/NonceVLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponseVLAD SANELI.exe, 00000001.00000002.1778443471.00000000032C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://schemas.xmlsoap.org/ws/2004/08/addressing/faultVLAD SANELI.exe, 00000001.00000002.1778443471.00000000032C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/RenewVLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510VLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKeyVLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchVLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmp, VLAD SANELI.exe, 00000001.00000002.1778443471.000000000392E000.00000004.00000800.00020000.00000000.sdmp, VLAD SANELI.exe, 00000001.00000002.1778443471.000000000398B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQVLAD SANELI.exe, 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
194.190.152.148 | unknown | Russian Federation | | 41615 | RSHB-ASRU | true
Joe Sandbox Version: 38.0.0 Ammolite
Analysis ID: 1333695
Start date and time: 2023-10-28 17:56:05 +02:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 7m 23s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 10
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample file name: 0EZ9Ho3Ruc.exe (renamed because original name is a hash value)
Original Sample Name: 19F0959FE3AC2F52618FDC2E4A3FC7BE.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@5/3@0/1
EGA Information:
• Successful, ratio: 66.7%
HCA Information:
• Successful, ratio: 58%
• Number of executed functions: 238
• Number of non-executed functions: 13
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target WINChamsBPCrack.exe, PID 6496 because it is empty
• Not all processes where analyzed, report is missing behavior information
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
17:57:03 | API Interceptor | 25x Sleep call for process: VLAD SANELI.exe modified
Match: RSHB-ASRU
Associated Sample Name / URL | Detection | Threat Name | Context
Paralysis Hack.exe | malicious | zgRAT | 194.190.153.137
file.exe | malicious | 000Stealer | 194.190.152.193
EgNIXduB6T.exe | malicious | Erbium Stealer | 194.190.152.194
2MNB4UhUqR.exe | malicious | RedLine | 194.190.152.20
w9d568i4Ia.exe | malicious | DCRat | 194.190.152.128
3pqdFTqin9.exe | malicious | DCRat | 194.190.152.128
nJX6vEzSO5.exe | malicious | RedLine | 194.190.153.31
X3JoqrBG6b.dll | malicious | Amadey | 194.190.152.209
Hlf35fELn8.exe | malicious | Amadey | 194.190.152.209
U6EbIncPHD.exe | malicious | DCRat | 194.190.153.41
                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe
                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):2633
                                                                                                                                                                                Entropy (8bit):5.326570006890401
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:48:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HDfHK7HKhBHKdHK8THQmHKtXoDHsLHqHDl:Pq5qHwCYqh3oPtI6eqzxTq7qLqdqojqe
                                                                                                                                                                                MD5:9CFBE9E5DE47BD10B9C9026C4159751F
                                                                                                                                                                                SHA1:9D3DD42B6D8A245DA6DB257C76BA3541497EF07A
                                                                                                                                                                                SHA-256:413ED7E418ACD84EB3A141F346160A146E5DD6A1CE68C15F32EBCEAD9EB1D23B
                                                                                                                                                                                SHA-512:F16F11E717AF574A860D10AE3777CCE567AECF595693A2C83EADA0C007C3E82555556C815EC6B20D822308B334A62B27EC48CD3A1281255CB56652743632E505
                                                                                                                                                                                Malicious:false
                                                                                                                                                                                Reputation:moderate, very likely benign file
                                                                                                                                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                                                                                                Process:C:\Users\user\Desktop\0EZ9Ho3Ruc.exe
                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):371200
                                                                                                                                                                                Entropy (8bit):5.55905837793857
                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                SSDEEP:3072:aIDqWnkWmtN0rtzuV4nZQnKyBjBmGIVlXFjnabQo/qiV4WIAON1XKnf:aIDq6kxESV4nZcBBm3PWbcAON1a
                                                                                                                                                                                MD5:624026B2505922E950721A6F29006C30
                                                                                                                                                                                SHA1:764AEDEEE5F2A0638F3ECB398476083560AC8275
                                                                                                                                                                                SHA-256:06CE76FFD891085E5AD21A5FB3E3CAE858FA732C13EB691C0BC8EA0A5DA8B21A
                                                                                                                                                                                SHA-512:CEC195567A26BFAFB665F8E194F4AF5B12300DACFE665F9BE90184FCE2C95F0B697122800495CD642CFD7B1B296405F7E0C360357DD18061AE477DA790CF6DB2
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Yara Hits:
                                                                                                                                                                                • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe, Author: Joe Security
                                                                                                                                                                                • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe, Author: ditekSHen
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 91%
                                                                                                                                                                                • Antivirus: Virustotal, Detection: 78%, Browse
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Process:C:\Users\user\Desktop\0EZ9Ho3Ruc.exe
                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                Category:dropped
                                                                                                                                                                                Size (bytes):869888
                                                                                                                                                                                Entropy (8bit):7.992371155247238
                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                SSDEEP:24576:cfWjg4xVGitOcfYmzwGXvlBeDWH89eosLliGnIuN1Km:cfWjgYEitVwmzwGXvlBNH89kLZnTam
                                                                                                                                                                                MD5:3B3C685EAE1F5EC6D0EFD6ED370D999C
                                                                                                                                                                                SHA1:79355AF51D9A226F5A76FDC4053B63FDAEE8BB1C
                                                                                                                                                                                SHA-256:92F40003D87A93E1891D54CEADE9270FFFE74F957030DBA49A2F7B68ADE177C1
                                                                                                                                                                                SHA-512:5286E9DF9C6E6FE6E7683048A0DF14F5AA7F93FD8E458904655EC3CDF7D0DB490C2D02F52ED908D2DCE56CB1434DC1EA0B4679FB0637D258B0A2FA2A3844275C
                                                                                                                                                                                Malicious:true
                                                                                                                                                                                Yara Hits:
                                                                                                                                                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exe, Author: Joe Security
                                                                                                                                                                                Antivirus:
                                                                                                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 57%
                                                                                                                                                                                • Antivirus: Virustotal, Detection: 39%, Browse
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                Entropy (8bit):7.992922479980751
                                                                                                                                                                                TrID:
                                                                                                                                                                                • Win32 Executable (generic) a (10002005/4) 99.94%
                                                                                                                                                                                • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                • VXD Driver (31/22) 0.00%
                                                                                                                                                                                File name:0EZ9Ho3Ruc.exe
                                                                                                                                                                                File size:1'048'064 bytes
                                                                                                                                                                                MD5:19f0959fe3ac2f52618fdc2e4a3fc7be
                                                                                                                                                                                SHA1:670aec0bfa4b20b9ad42998bc1ce95a563c51f93
                                                                                                                                                                                SHA256:f7f99750fc7f8183e760315a48d42591ab9bedfbc6c1b89c4035e1a10b9c038d
                                                                                                                                                                                SHA512:83d7fe2dea8bad6471001134c015d5c1098033df6fa82727ec910bfd166600ee77dbbb411ca39468c69228e0ab93f1448049b4afad9153f5be520027e2b3be21
                                                                                                                                                                                SSDEEP:12288:gSXEp/j9Lz8nCTxI4OaMBnxTA0jAkaGELWju1y6sYPiPAWL1/r/3UD7VbYwp4Lgo:ERjKCNwBx1aGWWjGioHD774Lg4ufi
                                                                                                                                                                                TLSH:1F2533B878FA98E4C0729AF12EC311F52EA66B2554843F56CFF6CDCAB054E07A9504F4
                                                                                                                                                                                Icon Hash:90cececece8e8eb0
                                                                                                                                                                                Entrypoint:0x401ae1
                                                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                                                Digitally signed:false
                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                Subsystem:windows gui
                                                                                                                                                                                Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                                                DLL Characteristics:
                                                                                                                                                                                Time Stamp:0x51BC99EC [Sat Jun 15 16:44:28 2013 UTC]
                                                                                                                                                                                TLS Callbacks:
                                                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                                                OS Version Major:4
                                                                                                                                                                                OS Version Minor:0
                                                                                                                                                                                File Version Major:4
                                                                                                                                                                                File Version Minor:0
                                                                                                                                                                                Subsystem Version Major:4
                                                                                                                                                                                Subsystem Version Minor:0
                                                                                                                                                                                Import Hash:d5d9d937853db8b666bd4b525813d7bd
                                                                                                                                                                                Instruction
                                                                                                                                                                                call 00007F0B4CE2C5E1h
                                                                                                                                                                                mov dword ptr [0040300Bh], eax
                                                                                                                                                                                push 00000000h
                                                                                                                                                                                call 00007F0B4CE2C5EDh
                                                                                                                                                                                mov dword ptr [00403013h], eax
                                                                                                                                                                                call 00007F0B4CE2C5EFh
                                                                                                                                                                                mov dword ptr [00403C70h], eax
                                                                                                                                                                                push 0000000Ah
                                                                                                                                                                                push dword ptr [0040300Bh]
                                                                                                                                                                                push 00000000h
                                                                                                                                                                                push dword ptr [00403013h]
                                                                                                                                                                                call 00007F0B4CE2BA6Fh
                                                                                                                                                                                push 00000000h
                                                                                                                                                                                call 00007F0B4CE2C598h
                                                                                                                                                                                int3
                                                                                                                                                                                jmp dword ptr [0040207Ch]
                                                                                                                                                                                jmp dword ptr [00402008h]
                                                                                                                                                                                jmp dword ptr [0040200Ch]
                                                                                                                                                                                jmp dword ptr [00402010h]
                                                                                                                                                                                jmp dword ptr [00402014h]
                                                                                                                                                                                jmp dword ptr [00402018h]
                                                                                                                                                                                jmp dword ptr [0040201Ch]
                                                                                                                                                                                jmp dword ptr [00402020h]
                                                                                                                                                                                jmp dword ptr [00402024h]
                                                                                                                                                                                jmp dword ptr [00402028h]
                                                                                                                                                                                jmp dword ptr [0040202Ch]
                                                                                                                                                                                jmp dword ptr [00402030h]
                                                                                                                                                                                jmp dword ptr [00402034h]
                                                                                                                                                                                jmp dword ptr [00402038h]
                                                                                                                                                                                jmp dword ptr [0040203Ch]
                                                                                                                                                                                jmp dword ptr [00402040h]
                                                                                                                                                                                jmp dword ptr [00402044h]
                                                                                                                                                                                jmp dword ptr [00402048h]
                                                                                                                                                                                jmp dword ptr [0040204Ch]
                                                                                                                                                                                jmp dword ptr [00402050h]
                                                                                                                                                                                jmp dword ptr [00402054h]
                                                                                                                                                                                jmp dword ptr [00402058h]
                                                                                                                                                                                jmp dword ptr [00402000h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x20bc | 0x50 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x11000 | 0xfde08 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0xbc | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0xc26 | 0xe00 | False | 0.47935267857142855 | data | 5.1463325678068115 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2000 | 0x4c0 | 0x600 | False | 0.4055989583333333 | data | 4.212357479426224 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3000 | 0xd6f0 | 0x600 | False | 0.16927083333333334 | data | 1.7255508052001818 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x11000 | 0xfde08 | 0xfe000 | False | 0.9924066498523622 | data | 7.9950492861679106 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
IMAGE | 0x1110c | 0x42 | PC bitmap, Windows 3.x format, 1 x 1 x 1, image size 4, cbSize 66, bits offset 62 | English | United States | 0.5151515151515151
RT_RCDATA | 0x11150 | 0x2b4a2 | data | | | 0.9575104052697474
RT_RCDATA | 0x3c5f4 | 0xd276d | data | | | 1.0001995218435817
RT_RCDATA | 0x10ed64 | 0xa2 | data | | | 0.8148148148148148
DLL | Import
shlwapi.dll | PathFindFileNameA
kernel32.dll | LockResource, lstrlenA, CloseHandle, CreateFileA, ExitProcess, FindResourceA, FreeResource, GetCommandLineA, GetEnvironmentVariableA, GetFileSize, GetModuleFileNameA, GetModuleHandleA, GetProcAddress, GetProcessHeap, GetSystemDirectoryA, GetTempPathA, GetWindowsDirectoryA, GlobalAlloc, GlobalFree, HeapAlloc, HeapFree, LoadLibraryA, LoadResource, lstrcpynA, RtlMoveMemory, SetFileAttributesA, SizeofResource, WriteFile, lstrcatA, lstrcpyA
user32.dll | CreateWindowExA, DefWindowProcA, DispatchMessageA, GetMessageA, LoadCursorA, LoadIconA, MessageBoxA, PostQuitMessage, RegisterClassExA, SendMessageA, ShowWindow, TranslateMessage, UpdateWindow
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
10/28/23-17:57:03.772338 | TCP | 2046045 | ET TROJAN [ANY.RUN] RedLine Stealer Related (MC-NMF Authorization) | 49736 | 5871 | 192.168.2.4 | 194.190.152.148
10/28/23-17:57:04.378328 | TCP | 2046056 | ET TROJAN Redline Stealer Activity (Response) | 5871 | 49736 | 194.190.152.148 | 192.168.2.4
10/28/23-17:57:04.151600 | TCP | 2046105 | ET TROJAN Redline Stealer TCP CnC Activity - MSValue (Outbound) | 49736 | 5871 | 192.168.2.4 | 194.190.152.148
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                Oct 28, 2023 17:57:06.974617004 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:06.975225925 CEST497365871192.168.2.4194.190.152.148
                                                                                                                                                                                Oct 28, 2023 17:57:06.975429058 CEST497365871192.168.2.4194.190.152.148
                                                                                                                                                                                Oct 28, 2023 17:57:06.986882925 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:06.986911058 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:06.986920118 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:06.986927032 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:06.986933947 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:06.986942053 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:06.987314939 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:06.987341881 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:06.987380981 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:06.987394094 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:06.987409115 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:06.987422943 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:06.987453938 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:06.987598896 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:06.987622976 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:06.987670898 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:06.987982035 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:06.988056898 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:06.988559961 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:06.988724947 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:06.989280939 CEST497365871192.168.2.4194.190.152.148
                                                                                                                                                                                Oct 28, 2023 17:57:06.989458084 CEST497365871192.168.2.4194.190.152.148
                                                                                                                                                                                Oct 28, 2023 17:57:07.195880890 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.196165085 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.196180105 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.196194887 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.196638107 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.196844101 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.197035074 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.197217941 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.197578907 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.197617054 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.197762966 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.197911024 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.198196888 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.198482037 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.198529005 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.198827982 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.199016094 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.199152946 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.199368000 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.199546099 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.199882030 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.199928999 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.200158119 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.200407028 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.200572014 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.208095074 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.208424091 CEST497365871192.168.2.4194.190.152.148
                                                                                                                                                                                Oct 28, 2023 17:57:07.208609104 CEST497365871192.168.2.4194.190.152.148
                                                                                                                                                                                Oct 28, 2023 17:57:07.209156990 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.209172010 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.209184885 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.209198952 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.209338903 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.210578918 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.210905075 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.211131096 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.211249113 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.211420059 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.211945057 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.212955952 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.213623047 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.213738918 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.213859081 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.215437889 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.215452909 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.215466022 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.215538025 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.215552092 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.215565920 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.215616941 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.215707064 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.216026068 CEST497365871192.168.2.4194.190.152.148
                                                                                                                                                                                Oct 28, 2023 17:57:07.216169119 CEST497365871192.168.2.4194.190.152.148
                                                                                                                                                                                Oct 28, 2023 17:57:07.231370926 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.427925110 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.428025007 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.428153038 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.428745031 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.429105997 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.429291964 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.430003881 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.430373907 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.430761099 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.431041002 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.431071997 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.431554079 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.431611061 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.431828022 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.432013988 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.432214022 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.432418108 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.432497025 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.435110092 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.435424089 CEST497365871192.168.2.4194.190.152.148
                                                                                                                                                                                Oct 28, 2023 17:57:07.435471058 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.435548067 CEST497365871192.168.2.4194.190.152.148
                                                                                                                                                                                Oct 28, 2023 17:57:07.435659885 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.435739994 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.435811996 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.436019897 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.436347008 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.437074900 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.437144041 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.437216043 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.437246084 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.437277079 CEST587149736194.190.152.148192.168.2.4
                                                                                                                                                                                Oct 28, 2023 17:57:07.437916994 CEST587149736194.190.152.148192.168.2.4


                                                                                                                                                                                Target ID:0
                                                                                                                                                                                Start time:17:57:00
                                                                                                                                                                                Start date:28/10/2023
                                                                                                                                                                                Path:C:\Users\user\Desktop\0EZ9Ho3Ruc.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:C:\Users\user\Desktop\0EZ9Ho3Ruc.exe
                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                File size:1'048'064 bytes
                                                                                                                                                                                MD5 hash:19F0959FE3AC2F52618FDC2E4A3FC7BE
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                Yara matches:
                                                                                                                                                                                • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000003.1714559894.0000000000766000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000003.1718264812.0000000002F11000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000003.1718603001.0000000002FF0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                Target ID:1
                                                                                                                                                                                Start time:17:57:00
                                                                                                                                                                                Start date:28/10/2023
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe
                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe"
                                                                                                                                                                                Imagebase:0xe70000
                                                                                                                                                                                File size:371'200 bytes
                                                                                                                                                                                MD5 hash:624026B2505922E950721A6F29006C30
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:.Net C# or VB.NET
                                                                                                                                                                                Yara matches:
                                                                                                                                                                                • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000000.1718058455.0000000000E72000.00000002.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000002.1778443471.0000000003325000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000002.1778443471.00000000032C1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe, Author: Joe Security
                                                                                                                                                                                • Rule: MALWARE_Win_RedLine, Description: Detects RedLine infostealer, Source: C:\Users\user\AppData\Local\Temp\VLAD SANELI.exe, Author: ditekSHen
                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                • Detection: 91%, ReversingLabs
                                                                                                                                                                                • Detection: 78%, Virustotal, Browse
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Has exited:true

                                                                                                                                                                                Target ID:2
                                                                                                                                                                                Start time:17:57:00
                                                                                                                                                                                Start date:28/10/2023
                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exe
                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exe"
                                                                                                                                                                                Imagebase:0x241f0c70000
                                                                                                                                                                                File size:869'888 bytes
                                                                                                                                                                                MD5 hash:3B3C685EAE1F5EC6D0EFD6ED370D999C
                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                Programmed in:.Net C# or VB.NET
                                                                                                                                                                                Yara matches:
                                                                                                                                                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000002.00000000.1719422132.00000241F0C72000.00000002.00000001.01000000.00000007.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000002.00000002.2973535804.0000024180001000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 00000002.00000002.2992440379.00000241F3440000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: C:\Users\user\AppData\Local\Temp\WINChamsBPCrack.exe, Author: Joe Security
                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                • Detection: 57%, ReversingLabs
                                                                                                                                                                                • Detection: 39%, Virustotal
                                                                                                                                                                                Reputation:low
                                                                                                                                                                                Has exited:false


                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                  Execution Coverage:64%
                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                  Signature Coverage:59.3%
                                                                                                                                                                                  Total number of Nodes:81
                                                                                                                                                                                  Total number of Limit Nodes:10

                                                                                                                                                                                  Callgraph

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetSystemDirectoryA.KERNEL32(C:\Windows\system32\,00001000), ref: 0040136B
                                                                                                                                                                                  • PathAddBackslashA.KERNELBASE(C:\Windows\system32\), ref: 00401375
                                                                                                                                                                                  • GetWindowsDirectoryA.KERNEL32(00404C84,00001000), ref: 00401385
                                                                                                                                                                                  • GetTempPathA.KERNEL32(00001000,00405C84), ref: 0040139F
                                                                                                                                                                                  • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\,00000200), ref: 004013BB
                                                                                                                                                                                  • GetEnvironmentVariableA.KERNEL32(APPDATA,00407C84,00001000), ref: 004013DD
                                                                                                                                                                                    • Part of subcall function 00401907: FindResourceA.KERNEL32(00000000,00001001,0000000A), ref: 00401917
                                                                                                                                                                                    • Part of subcall function 00401907: ExitProcess.KERNEL32(00000000,00000000,0000000A,00000000), ref: 00401B18
                                                                                                                                                                                  • FindResourceA.KERNEL32(00000000,00000001,0000000A), ref: 0040144C
                                                                                                                                                                                  • SizeofResource.KERNEL32(00000000,00000000,00000000,00000001,0000000A,00000001), ref: 00401462
                                                                                                                                                                                  • LoadResource.KERNEL32(00000000,00000000,00000000,00000000,00000001,0000000A,00000001), ref: 0040147D
                                                                                                                                                                                  • ExitProcess.KERNEL32(?,?,?,?,004106BC,00000000,00406C84,C0000000,00000003,00000000,00000002,00000080,00000000,00406C84,WINChamsBPCrack.exe), ref: 00401897
                                                                                                                                                                                  • ExitProcess.KERNEL32(00000000,?,?,?,?,004106BC,00000000,00406C84,C0000000,00000003,00000000,00000002,00000080,00000000,00406C84,WINChamsBPCrack.exe), ref: 0040189E
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1720079194.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1720013874.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.1720099398.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.1720115656.0000000000403000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.1720115656.0000000000408000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.1720155206.0000000000411000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.1720236443.000000000050E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_0EZ9Ho3Ruc.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Resource$ExitProcess$DirectoryFindPath$BackslashEnvironmentFileLoadModuleNameSizeofSystemTempVariableWindows
                                                                                                                                                                                  • String ID: APPDATA$C:\Dir1\SubDir$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\$C:\Users\user\Desktop\$C:\Windows\system32\$WINChamsBPCrack.exe$m'$open
                                                                                                                                                                                  • API String ID: 1865746177-3540159904
                                                                                                                                                                                  • Opcode ID: 0b4706bb5c93686d89f6ed56fbf093ccd5effdb974abd12bc2b349d010d1b901
                                                                                                                                                                                  • Instruction ID: 87517960ec9dbd09822493e96d6633269da166b851f384452dd9e845d648968f
                                                                                                                                                                                  • Opcode Fuzzy Hash: 0b4706bb5c93686d89f6ed56fbf093ccd5effdb974abd12bc2b349d010d1b901
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3ED18271A44205AFFB24AFA1DD42FA93AB4EB04715F20403BF501B51F1DBBD6A908B1E
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • LoadLibraryA.KERNEL32(Shell32.dll,0040111C), ref: 004011D4
                                                                                                                                                                                  • GetProcAddress.KERNEL32(ShellExecuteA,Shell32.dll), ref: 004011E9
                                                                                                                                                                                  • GetProcAddress.KERNEL32(SHGetSpecialFolderPathA,0040111C), ref: 004011FE
                                                                                                                                                                                  • LoadLibraryA.KERNEL32(shlwapi.dll,SHGetSpecialFolderPathA,0040111C), ref: 0040120D
                                                                                                                                                                                  • GetProcAddress.KERNEL32(PathFindFileNameA,shlwapi.dll), ref: 00401222
                                                                                                                                                                                  • GetProcAddress.KERNEL32(PathAddBackslashA,PathFindFileNameA), ref: 00401237
                                                                                                                                                                                  • LoadLibraryA.KERNEL32(advapi32.dll,PathAddBackslashA,PathFindFileNameA,shlwapi.dll,SHGetSpecialFolderPathA,0040111C), ref: 00401246
                                                                                                                                                                                  • GetProcAddress.KERNEL32(RegCreateKeyExA,advapi32.dll), ref: 0040125B
                                                                                                                                                                                  • GetProcAddress.KERNEL32(RegSetValueExA,RegCreateKeyExA), ref: 00401270
                                                                                                                                                                                  • GetProcAddress.KERNEL32(RegCloseKey,RegSetValueExA), ref: 00401285
                                                                                                                                                                                  • LoadLibraryA.KERNEL32(ntdll.dll,RegCloseKey,RegSetValueExA,RegCreateKeyExA,advapi32.dll,PathAddBackslashA,PathFindFileNameA,shlwapi.dll,SHGetSpecialFolderPathA,0040111C), ref: 00401294
                                                                                                                                                                                  • GetProcAddress.KERNEL32(RtlDecompressBuffer,ntdll.dll), ref: 004012A9
                                                                                                                                                                                  • GetModuleFileNameA.KERNEL32(00000000,0040BC84,00001000,RtlDecompressBuffer,ntdll.dll,RegCloseKey,RegSetValueExA,RegCreateKeyExA,advapi32.dll,PathAddBackslashA,PathFindFileNameA,shlwapi.dll,SHGetSpecialFolderPathA,0040111C), ref: 004012BF
                                                                                                                                                                                  • GetEnvironmentVariableA.KERNEL32(ComSpec,0040FC84,00000500,00000000,0040BC84,00001000,RtlDecompressBuffer,ntdll.dll,RegCloseKey,RegSetValueExA,RegCreateKeyExA,advapi32.dll,PathAddBackslashA,PathFindFileNameA,shlwapi.dll,SHGetSpecialFolderPathA), ref: 004012D3
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1720079194.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1720013874.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.1720099398.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.1720115656.0000000000403000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.1720115656.0000000000408000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.1720155206.0000000000411000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.1720236443.000000000050E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_0EZ9Ho3Ruc.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: AddressProc$LibraryLoad$EnvironmentFileModuleNameVariable
                                                                                                                                                                                  • String ID: ComSpec$PathAddBackslashA$PathFindFileNameA$RegCloseKey$RegCreateKeyExA$RegSetValueExA$RtlDecompressBuffer$SHGetSpecialFolderPathA$Shell32.dll$ShellExecuteA$advapi32.dll$ntdll.dll$shlwapi.dll
                                                                                                                                                                                  • API String ID: 3647900824-1083084054
                                                                                                                                                                                  • Opcode ID: ed63defba397cbb933b777222a0bacb8b6594ff129ae780b5b0ed5781ffeacf7
                                                                                                                                                                                  • Instruction ID: a06bb1d97dbf063ac68fad512a01dcc274482fcad67705a1e8ff053d2cfa1aac
                                                                                                                                                                                  • Opcode Fuzzy Hash: ed63defba397cbb933b777222a0bacb8b6594ff129ae780b5b0ed5781ffeacf7
                                                                                                                                                                                  • Instruction Fuzzy Hash: AC11AA70A423046EE751BF32ED02BA93E75E790B45B20813BB440751F9E7FD19A19B1C
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetCommandLineA.KERNEL32 ref: 00401AE1
                                                                                                                                                                                  • GetModuleHandleA.KERNEL32(00000000), ref: 00401AED
                                                                                                                                                                                  • GetProcessHeap.KERNEL32(00000000), ref: 00401AF7
                                                                                                                                                                                    • Part of subcall function 00401000: LoadIconA.USER32(00403000,000001F4), ref: 0040104C
                                                                                                                                                                                    • Part of subcall function 00401000: LoadCursorA.USER32(00000000,00007F00), ref: 0040105B
                                                                                                                                                                                    • Part of subcall function 00401000: RegisterClassExA.USER32(00000030), ref: 0040106E
                                                                                                                                                                                    • Part of subcall function 00401000: CreateWindowExA.USER32(00000000,WinClass32,WinClass32,00CF0000,?,?,?,?,00000000,00000000,00403000,00000000), ref: 004010AA
                                                                                                                                                                                    • Part of subcall function 00401000: ShowWindow.USER32(00000001,?), ref: 004010BC
                                                                                                                                                                                    • Part of subcall function 00401000: UpdateWindow.USER32(00000001), ref: 004010C7
                                                                                                                                                                                    • Part of subcall function 00401000: GetMessageA.USER32(?,00000000,00000000,00000000), ref: 004010D6
                                                                                                                                                                                    • Part of subcall function 00401000: TranslateMessage.USER32(?), ref: 004010E4
                                                                                                                                                                                    • Part of subcall function 00401000: DispatchMessageA.USER32(?), ref: 004010ED
                                                                                                                                                                                  • ExitProcess.KERNEL32(00000000,00000000,0000000A,00000000), ref: 00401B18
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1720079194.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1720013874.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.1720099398.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.1720115656.0000000000403000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.1720115656.0000000000408000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.1720155206.0000000000411000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.1720236443.000000000050E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_0EZ9Ho3Ruc.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: MessageWindow$LoadProcess$ClassCommandCreateCursorDispatchExitHandleHeapIconLineModuleRegisterShowTranslateUpdate
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 673778540-0
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 129 4011af-4011bc GetPEB 130 4011c3 129->130 131 4011be 129->131 132 401b16-401b1d ExitProcess 130->132 131->132
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • ExitProcess.KERNEL32(00000000,00000000,0000000A,00000000), ref: 00401B18
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExitProcess
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 621844428-0
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  control_flow_graph 125 40119d-4011a7 GetPEB 126 4011a9 125->126 127 4011ae 125->127 128 401b16-401b1d ExitProcess 126->128 127->128
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • ExitProcess.KERNEL32(00000000,00000000,0000000A,00000000), ref: 00401B18
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: ExitProcess
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 621844428-0
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • FindResourceA.KERNEL32(00000000,00001001,0000000A), ref: 00401917
                                                                                                                                                                                  • SizeofResource.KERNEL32(00000000,00000000), ref: 0040192D
                                                                                                                                                                                  • ExitProcess.KERNEL32(00000000,00000000,0000000A,00000000), ref: 00401B18
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Resource$ExitFindProcessSizeof
                                                                                                                                                                                  • String ID: m'
                                                                                                                                                                                  • API String ID: 1411291463-456806329
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • LoadIconA.USER32(00403000,000001F4), ref: 0040104C
                                                                                                                                                                                  • LoadCursorA.USER32(00000000,00007F00), ref: 0040105B
                                                                                                                                                                                  • RegisterClassExA.USER32(00000030), ref: 0040106E
                                                                                                                                                                                  • CreateWindowExA.USER32(00000000,WinClass32,WinClass32,00CF0000,?,?,?,?,00000000,00000000,00403000,00000000), ref: 004010AA
                                                                                                                                                                                  • ShowWindow.USER32(00000001,?), ref: 004010BC
                                                                                                                                                                                  • UpdateWindow.USER32(00000001), ref: 004010C7
                                                                                                                                                                                  • GetMessageA.USER32(?,00000000,00000000,00000000), ref: 004010D6
                                                                                                                                                                                  • TranslateMessage.USER32(?), ref: 004010E4
                                                                                                                                                                                  • DispatchMessageA.USER32(?), ref: 004010ED
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: MessageWindow$Load$ClassCreateCursorDispatchIconRegisterShowTranslateUpdate
                                                                                                                                                                                  • String ID: 0$WinClass32
                                                                                                                                                                                  • API String ID: 282685165-2329282442
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  control_flow_graph 114 4010fb-401108 115 401111-401115 114->115 116 40110a call 40135a 114->116 117 401117-40112d call 4011cf SendMessageA 115->117 118 40112f-401133 115->118 123 40110f 116->123 121 401142-401154 DefWindowProcA 117->121 118->121 122 401135-40113f PostQuitMessage 118->122 123->121
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • SendMessageA.USER32(?,00009D99,00000000,00000000), ref: 00401128
                                                                                                                                                                                  • DefWindowProcA.USER32(?,00000002,?,?), ref: 0040114E
                                                                                                                                                                                    • Part of subcall function 0040135A: GetSystemDirectoryA.KERNEL32(C:\Windows\system32\,00001000), ref: 0040136B
                                                                                                                                                                                    • Part of subcall function 0040135A: PathAddBackslashA.KERNELBASE(C:\Windows\system32\), ref: 00401375
                                                                                                                                                                                    • Part of subcall function 0040135A: GetWindowsDirectoryA.KERNEL32(00404C84,00001000), ref: 00401385
                                                                                                                                                                                    • Part of subcall function 0040135A: GetTempPathA.KERNEL32(00001000,00405C84), ref: 0040139F
                                                                                                                                                                                    • Part of subcall function 0040135A: GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\,00000200), ref: 004013BB
                                                                                                                                                                                    • Part of subcall function 0040135A: GetEnvironmentVariableA.KERNEL32(APPDATA,00407C84,00001000), ref: 004013DD
                                                                                                                                                                                    • Part of subcall function 0040135A: FindResourceA.KERNEL32(00000000,00000001,0000000A), ref: 0040144C
                                                                                                                                                                                    • Part of subcall function 0040135A: ExitProcess.KERNEL32(00000000,?,?,?,?,004106BC,00000000,00406C84,C0000000,00000003,00000000,00000002,00000080,00000000,00406C84,WINChamsBPCrack.exe), ref: 0040189E
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1720079194.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1720013874.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.1720099398.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.1720115656.0000000000403000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.1720115656.0000000000408000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.1720155206.0000000000411000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.1720236443.000000000050E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_0EZ9Ho3Ruc.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: DirectoryPath$BackslashEnvironmentExitFileFindMessageModuleNameProcProcessResourceSendSystemTempVariableWindowWindows
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1588881643-0
                                                                                                                                                                                  • Opcode ID: f65326d40c1053b06fdae5316820f508df888febf5844a30f467ce6d3140b480
                                                                                                                                                                                  • Instruction ID: dbb62d9085e5d6b3fbefb86f4113f67887605609739cbfea317797e2dab6c195
                                                                                                                                                                                  • Opcode Fuzzy Hash: f65326d40c1053b06fdae5316820f508df888febf5844a30f467ce6d3140b480
                                                                                                                                                                                  • Instruction Fuzzy Hash: 51F01C31244209B6DF296E629C07B5A3762AB08719F10C03BFB197C0F297BDD561AA5E
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 153 4012d9-4012e0 154 4012e3-4012f0 153->154 154->154 155 4012f2-4012f4 154->155
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1720079194.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1720013874.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.1720099398.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.1720115656.0000000000403000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.1720115656.0000000000408000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.1720155206.0000000000411000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.1720236443.000000000050E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_0EZ9Ho3Ruc.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: a9990774af4119fa70ef41400092c50f263bdf1d164bc37f887e3c0d7a250b32
                                                                                                                                                                                  • Instruction ID: 0611be33569e033cf0bcc92f54b95211119f9e80a1ee943285cb6afbe40d6e6f
                                                                                                                                                                                  • Opcode Fuzzy Hash: a9990774af4119fa70ef41400092c50f263bdf1d164bc37f887e3c0d7a250b32
                                                                                                                                                                                  • Instruction Fuzzy Hash: 91C012B711004827CB08C549D8429D6B798E6B5265714411FF912EB291D97CE90185A4
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 134 4018a8-401906 lstrcpyA lstrcatA * 4
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • lstrcpyA.KERNEL32(0040DC84), ref: 004018AD
                                                                                                                                                                                  • lstrcatA.KERNEL32(0040DC84,0040AC84,0040DC84), ref: 004018BC
                                                                                                                                                                                  • lstrcatA.KERNEL32(0040DC84," ",0040DC84,0040AC84,0040DC84), ref: 004018CB
                                                                                                                                                                                  • lstrcatA.KERNEL32(0040DC84,0040BC84,0040DC84," ",0040DC84,0040AC84,0040DC84), ref: 004018DA
                                                                                                                                                                                  • lstrcatA.KERNEL32(0040DC84," >> NUL,0040DC84,0040BC84,0040DC84," ",0040DC84,0040AC84,0040DC84), ref: 004018E9
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1720079194.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1720013874.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.1720099398.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.1720115656.0000000000403000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.1720115656.0000000000408000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.1720155206.0000000000411000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.1720236443.000000000050E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_0EZ9Ho3Ruc.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: lstrcat$lstrcpy
                                                                                                                                                                                  • String ID: " "$" >> NUL
                                                                                                                                                                                  • API String ID: 2482611188-2884213582
                                                                                                                                                                                  • Opcode ID: 8513afed51d29f5d4a89328734691a1c3423f533152e92d8ecba9f9dcbb9b028
                                                                                                                                                                                  • Instruction ID: 98fcd78bc27786ddee7840aea87765605715515cd2fa121c906537a6fc253484
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8513afed51d29f5d4a89328734691a1c3423f533152e92d8ecba9f9dcbb9b028
                                                                                                                                                                                  • Instruction Fuzzy Hash: CAE0A264BDD347B9F4A876E20E17F0825665B40F89F72417B7914341E66AFC7118802F
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  • Executed
                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                  control_flow_graph 136 401157-40119c lstrcpyA lstrcatA * 2
                                                                                                                                                                                  APIs
                                                                                                                                                                                  • lstrcpyA.KERNEL32(00410184,/c del ",0040188C,?,?,?,?,004106BC,00000000,00406C84,C0000000,00000003,00000000,00000002,00000080,00000000), ref: 00401161
                                                                                                                                                                                  • lstrcatA.KERNEL32(00410184,0040BC84,00410184,/c del ",0040188C,?,?,?,?,004106BC,00000000,00406C84,C0000000,00000003,00000000,00000002), ref: 00401170
                                                                                                                                                                                  • lstrcatA.KERNEL32(00410184," >> NUL,00410184,0040BC84,00410184,/c del ",0040188C,?,?,?,?,004106BC,00000000,00406C84,C0000000,00000003), ref: 0040117F
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000000.00000002.1720079194.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                  • Associated: 00000000.00000002.1720013874.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.1720099398.0000000000402000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.1720115656.0000000000403000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.1720115656.0000000000408000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.1720155206.0000000000411000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  • Associated: 00000000.00000002.1720236443.000000000050E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_0EZ9Ho3Ruc.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: lstrcat$lstrcpy
                                                                                                                                                                                  • String ID: " >> NUL$/c del "
                                                                                                                                                                                  • API String ID: 2482611188-2706327707
                                                                                                                                                                                  • Opcode ID: cd28eb0aa4a3eae105e9b4c0d92c6737ded14966b8bac3c8ed0da2462ae44cb6
                                                                                                                                                                                  • Instruction ID: 17b86c2f2bfb9d9544adc925f31abe5a394b04165ab65cbffe2899ad540e7a84
                                                                                                                                                                                  • Opcode Fuzzy Hash: cd28eb0aa4a3eae105e9b4c0d92c6737ded14966b8bac3c8ed0da2462ae44cb6
                                                                                                                                                                                  • Instruction Fuzzy Hash: 53D0C2747D534676E4747A910E17F8425645740F49F3101BB7514341E65EFE72C1401D
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                  Execution Coverage:12.5%
                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                  Signature Coverage:0%
                                                                                                                                                                                  Total number of Nodes:83
                                                                                                                                                                                  Total number of Limit Nodes:10
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 4'^q$4c^q$4c^q$4c^q$4|cq$Hbq$Hbq$Hbq$Hbq$$^q$$^q$$^q$$^q$$^q
                                                                                                                                                                                  • API String ID: 0-91971761
                                                                                                                                                                                  • Opcode ID: af232cf53217cbe9b58d8f55edebe7e33f2092a4db29ea9ac855084075524a2a
                                                                                                                                                                                  • Instruction ID: 6cbb99473636f8d8a7dd4e1d6d420acbd41383037cd655d560b7840ccfda0f57
                                                                                                                                                                                  • Opcode Fuzzy Hash: af232cf53217cbe9b58d8f55edebe7e33f2092a4db29ea9ac855084075524a2a
                                                                                                                                                                                  • Instruction Fuzzy Hash: A0828E30B002198FDB18DF79C4546AEBBF6BF89300F548469E84ADB365DA34DD46CB91
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: (_^q$(_^q$,bq$4c^q$4c^q$Hbq$Nv]q$$^q$$^q$c^q$c^q
                                                                                                                                                                                  • API String ID: 0-3459267885
                                                                                                                                                                                  • Opcode ID: 285348e85e64799cd767b615f8cdeba91ca28589a40bed8b8328812929c54be0
                                                                                                                                                                                  • Instruction ID: 4480f0cadef9d9e3a0b815cfbea5ce1ea5abc1073605a7f7d3ec45516e9d6584
                                                                                                                                                                                  • Opcode Fuzzy Hash: 285348e85e64799cd767b615f8cdeba91ca28589a40bed8b8328812929c54be0
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8C828870B411284FCB69EF7D445022E66D77FCCB40B2049AED856DB3A8EE35DC468B92
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: 0U^q$4'^q$4'^q$4'^q$PH^q
                                                                                                                                                                                  • API String ID: 0-2407971689
                                                                                                                                                                                  • Opcode ID: 24a9f37155d36f9fe48def965a66c52ddbb490a3b51d6a0bdd31c13b54bf2ae9
                                                                                                                                                                                  • Instruction ID: 8cb34f6046164f61f64b79714afb1db0316727164aae283ee337879439ce8597
                                                                                                                                                                                  • Opcode Fuzzy Hash: 24a9f37155d36f9fe48def965a66c52ddbb490a3b51d6a0bdd31c13b54bf2ae9
                                                                                                                                                                                  • Instruction Fuzzy Hash: 12D18C707001198FDB18DFBAC85466F7BE7BF88740B248469E816CB3A4DE35DD428BA1
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  APIs
                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1789179206.0000000009720000.00000040.00000800.00020000.00000000.sdmp, Offset: 09720000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9720000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: InitializeThunk
                                                                                                                                                                                  • String ID: to$pto
                                                                                                                                                                                  • API String ID: 2994545307-2167161531
                                                                                                                                                                                  • Opcode ID: 70106c0e4ed040342c7073043043b7cccf43cad8933823ded00e7fa2dbead027
                                                                                                                                                                                  • Instruction ID: 3afe91e459a41aa2b9ee21d59890f1691ba8560b015246b49b3a21ad80c5472d
                                                                                                                                                                                  • Opcode Fuzzy Hash: 70106c0e4ed040342c7073043043b7cccf43cad8933823ded00e7fa2dbead027
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0671CF31B012189FDB18DF65D464BAEBBF2EF88700F108169E446A73E4DB71AD46CB91
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1789179206.0000000009720000.00000040.00000800.00020000.00000000.sdmp, Offset: 09720000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9720000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: $^q$$^q$$^q$$^q
                                                                                                                                                                                  • API String ID: 0-2125118731
                                                                                                                                                                                  • Opcode ID: 6a804e3316dbdd60862e9bfd0d10353c0404b2ed0f0d74aecc60574c8520629d
                                                                                                                                                                                  • Instruction ID: 4805903dee0cd2506d1adb50665b9fa13efa93c431e12ad783ed12fd07762ffb
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6a804e3316dbdd60862e9bfd0d10353c0404b2ed0f0d74aecc60574c8520629d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4BA17131B10225DBDB18EB74C5506AEB7F2AF88305F14856DD406EB785EF36CC868B92
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1778379509.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_3290000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: Te^q$Te^q
                                                                                                                                                                                  • API String ID: 0-3743469327
                                                                                                                                                                                  • Opcode ID: 8af974918c0c39e8bf14bd96cb829993e609b88804f31684656467914e8312d2
                                                                                                                                                                                  • Instruction ID: 0400d3cb09965e71048c434f71d3a2a404e4f9980abf3e5273edf86608e32091
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8af974918c0c39e8bf14bd96cb829993e609b88804f31684656467914e8312d2
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2132C175E10219CFEB64CF58C584A99BBF2BB48304F59C5AAD458EB212CB31ED85CF90
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1788806494.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9700000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: $^q
                                                                                                                                                                                  • API String ID: 0-388095546
                                                                                                                                                                                  • Opcode ID: a8564c57cea9091105f2b90924dd52022c6794c342fa80bd7eaba94c0abab08b
                                                                                                                                                                                  • Instruction ID: d2201fe369c0597c8a85dcb4b6db6f5f6a14cf37c1220cc90fb2879e5ef61e72
                                                                                                                                                                                  • Opcode Fuzzy Hash: a8564c57cea9091105f2b90924dd52022c6794c342fa80bd7eaba94c0abab08b
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0F523535B00205CFCB15DF69C594BAABBF2BF89710F1584A9E4469B3A2CB75EC41CB90
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: d
                                                                                                                                                                                  • API String ID: 0-2564639436
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1788806494.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9700000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                  • API String ID: 0-2766056989
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1788806494.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9700000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: @ud
                                                                                                                                                                                  • API String ID: 0-2418490269
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1788806494.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9700000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1789179206.0000000009720000.00000040.00000800.00020000.00000000.sdmp, Offset: 09720000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9720000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1788806494.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9700000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1778379509.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_3290000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1789179206.0000000009720000.00000040.00000800.00020000.00000000.sdmp, Offset: 09720000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9720000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1788806494.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9700000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1783651115.00000000052D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052D0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_52d0000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1788806494.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9700000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: Hbq$U$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd$Wd
                                                                                                                                                                                  • API String ID: 0-685180977
                                                                                                                                                                                  • Opcode ID: e72569c881a507af5b39b6063160f88c4671d37cb84ba36f2cd76e7b2e17e30e
                                                                                                                                                                                  • Instruction ID: be101541d1a01fc1e363d083af5da468c6e483a24efd64cd73859eddab7dde9c
                                                                                                                                                                                  • Opcode Fuzzy Hash: e72569c881a507af5b39b6063160f88c4671d37cb84ba36f2cd76e7b2e17e30e
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0281B7B2A08144CBD7648AE9D4A676E77E5FBC1341F08867BF206CB3E5E638CD448716
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 0329EE5E
                                                                                                                                                                                  • GetCurrentThread.KERNEL32 ref: 0329EE9B
                                                                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 0329EED8
                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 0329EF31
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1778379509.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_3290000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Current$ProcessThread
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2063062207-0
                                                                                                                                                                                  • Opcode ID: 3628abac55358fd02c20d771bd138b2ce7fa95479fdbff60408e3382d2a4291f
                                                                                                                                                                                  • Instruction ID: 17aabe0f86bb7f1fdaf35e22bade942c592b56eebb3ff76451ce0d53384d82f9
                                                                                                                                                                                  • Opcode Fuzzy Hash: 3628abac55358fd02c20d771bd138b2ce7fa95479fdbff60408e3382d2a4291f
                                                                                                                                                                                  • Instruction Fuzzy Hash: BA5159B0910309CFDB14DFA9D548BAEBBF1FF48314F24846AE859A7260DB349984CF65
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 0329EE5E
                                                                                                                                                                                  • GetCurrentThread.KERNEL32 ref: 0329EE9B
                                                                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 0329EED8
                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 0329EF31
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1778379509.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_3290000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Current$ProcessThread
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2063062207-0
                                                                                                                                                                                  • Opcode ID: b12ddd7f229bf69153e71d0bea304520740e6eed7a1d23a5e777d4eb6f86956e
                                                                                                                                                                                  • Instruction ID: 2e87be6d2326a6aa348e37bc203c8d8dce5a33526bd2bfaa8819001426e1f7eb
                                                                                                                                                                                  • Opcode Fuzzy Hash: b12ddd7f229bf69153e71d0bea304520740e6eed7a1d23a5e777d4eb6f86956e
                                                                                                                                                                                  • Instruction Fuzzy Hash: 935158B0910209CFDB14DFAAD548B9EBBF1EF48314F24C46AE459A7260DB349984CF65
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: d$d
                                                                                                                                                                                  • API String ID: 0-195624457
                                                                                                                                                                                  • Opcode ID: d5a679f0db65680bb3c72f9ad819f0cbb8a5cd24d5ea06ea8aa40a166b82cefa
                                                                                                                                                                                  • Instruction ID: bd31adc6fdbed0ecba9625723a86ad9aa3f89fe160cad58a55bd5cd532e90ce5
                                                                                                                                                                                  • Opcode Fuzzy Hash: d5a679f0db65680bb3c72f9ad819f0cbb8a5cd24d5ea06ea8aa40a166b82cefa
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9BF14A70A00219DFDB24CF69D884B9EBBB6FF88304F14C629E856DB654D731E885CB85
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: (bq$(bq
                                                                                                                                                                                  • API String ID: 0-4224401849
                                                                                                                                                                                  • Opcode ID: 3cbcea77bbb35d62ff7e990e56a51b6bb902e160f6d6654aec9ed20a9c31847b
                                                                                                                                                                                  • Instruction ID: 189aeff7b88d9e97b0d567c35ae0d3a862b9e9d91196e1803bd4dc3b300c10ab
                                                                                                                                                                                  • Opcode Fuzzy Hash: 3cbcea77bbb35d62ff7e990e56a51b6bb902e160f6d6654aec9ed20a9c31847b
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9EB1CD30A01215CFDB24DF69D98466EB7F6FF84314F14862AE85ADB759CB30E885CB80
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: (&^q$(bq
                                                                                                                                                                                  • API String ID: 0-1294341849
                                                                                                                                                                                  • Opcode ID: c5af1aee32329d8808166bf4e81938389d9ad19362cce229b832dfaa7376a86c
                                                                                                                                                                                  • Instruction ID: b5ebf86304c7e9e04c0d0b5027d103ef3d0c7af5d0a87bce18119f0d5f5f4a4e
                                                                                                                                                                                  • Opcode Fuzzy Hash: c5af1aee32329d8808166bf4e81938389d9ad19362cce229b832dfaa7376a86c
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0F719031F012199BEB19DFB9C8506AEBBB6BFD8740F148529E406A7390DF309D42CB95
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: KDBM$nKvq
                                                                                                                                                                                  • API String ID: 0-3126578318
                                                                                                                                                                                  • Opcode ID: 234f2269ad24e0e1d8f8fbeb758d97e03aa8c7dae01ec1069899971910b23c58
                                                                                                                                                                                  • Instruction ID: dbd6fc1ef8a55767eace0008d673ad1f35b4803cb0ca3797364cc5b215f902c0
                                                                                                                                                                                  • Opcode Fuzzy Hash: 234f2269ad24e0e1d8f8fbeb758d97e03aa8c7dae01ec1069899971910b23c58
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3551D932700215AFDB15EFB68C14A7F7AABEFC9650B14842DE50AD7394DE358C1287A1
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: to$pto
                                                                                                                                                                                  • API String ID: 0-2167161531
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: xbq$xbq
                                                                                                                                                                                  • API String ID: 0-4275011135
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: xbq$xbq
                                                                                                                                                                                  • API String ID: 0-4275011135
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: KDBM$nKvq
                                                                                                                                                                                  • API String ID: 0-3126578318
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: $^q$$^q
                                                                                                                                                                                  • API String ID: 0-355816377
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 0329CD9E
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1778379509.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_3290000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: HandleModule
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 4139908857-0
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: d
                                                                                                                                                                                  • API String ID: 0-2564639436
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • CreateActCtxA.KERNEL32(?), ref: 03297721
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1778379509.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_3290000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Create
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2289755597-0
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • CreateActCtxA.KERNEL32(?), ref: 03297721
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1778379509.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_3290000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: Create
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 2289755597-0
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0329F0AF
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1778379509.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_3290000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: DuplicateHandle
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3793708945-0
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0329F0AF
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1778379509.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_3290000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: DuplicateHandle
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 3793708945-0
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0329CE19,00000800,00000000,00000000), ref: 0329D02A
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1778379509.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_3290000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1029625771-0
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0329CE19,00000800,00000000,00000000), ref: 0329D02A
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1778379509.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_3290000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 1029625771-0
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 0329CD9E
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1778379509.0000000003290000.00000040.00000800.00020000.00000000.sdmp, Offset: 03290000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_3290000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: HandleModule
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 4139908857-0
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 052D6AFD
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1783651115.00000000052D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052D0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_52d0000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: MessagePost
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 410705778-0
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  APIs
                                                                                                                                                                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 052D6AFD
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1783651115.00000000052D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052D0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_52d0000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID: MessagePost
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID: 410705778-0
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: pto
                                                                                                                                                                                  • API String ID: 0-2184868032
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: pto
                                                                                                                                                                                  • API String ID: 0-2184868032
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: $nA
                                                                                                                                                                                  • API String ID: 0-1550252588
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: $nA
                                                                                                                                                                                  • API String ID: 0-1550252588
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: pto
                                                                                                                                                                                  • API String ID: 0-2184868032
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: (bq
                                                                                                                                                                                  • API String ID: 0-149360118
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: <{o
                                                                                                                                                                                  • API String ID: 0-1487196280
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1788806494.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9700000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                  • API String ID: 0-2766056989
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1788806494.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9700000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: :d
                                                                                                                                                                                  • API String ID: 0-2062448439
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1788806494.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9700000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: U
                                                                                                                                                                                  • API String ID: 0-3372436214
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: a^q
                                                                                                                                                                                  • API String ID: 0-3411664965
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1788806494.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9700000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: :d
                                                                                                                                                                                  • API String ID: 0-2062448439
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: PH^q
                                                                                                                                                                                  • API String ID: 0-2549759414
                                                                                                                                                                                  • Opcode ID: 4af695b1588d91b2ae5800bb771eda488a80cf95e86719c7c85009e3e61018ab
                                                                                                                                                                                  • Instruction ID: 07fd449adc2b0b4d009d7999f016031dd49e43b1de11a5d6f41ba8c7c460f7b2
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4af695b1588d91b2ae5800bb771eda488a80cf95e86719c7c85009e3e61018ab
                                                                                                                                                                                  • Instruction Fuzzy Hash: BF1157B1A001099FDB64DFA5D5996AFBBB9AF88340F108525EC16F7284DB349905CBA0
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1788806494.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9700000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: :d
                                                                                                                                                                                  • API String ID: 0-2062448439
                                                                                                                                                                                  • Opcode ID: 21bdb91e18a1efb8f0d84081445822192c8bdb36a7df9c5c01ff452fafef1e0b
                                                                                                                                                                                  • Instruction ID: 84647b48e5755d43e2490f54daf307129e1e7935aa41f0d0d61b497ab0345e4f
                                                                                                                                                                                  • Opcode Fuzzy Hash: 21bdb91e18a1efb8f0d84081445822192c8bdb36a7df9c5c01ff452fafef1e0b
                                                                                                                                                                                  • Instruction Fuzzy Hash: AE118E36305214EFD7248E65D850B7A7BEAEB88760F50C06AF5098B281DB71EC40CB90
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: $^q
                                                                                                                                                                                  • API String ID: 0-388095546
                                                                                                                                                                                  • Opcode ID: 3c27bde170d2280574dc87d97801b914e61e0f465780e68baf0e233f72f630ba
                                                                                                                                                                                  • Instruction ID: 6d806b2c1016f06767613d7b29851d9f94ed0edf08bc3a71853c409ae5e0e1a2
                                                                                                                                                                                  • Opcode Fuzzy Hash: 3c27bde170d2280574dc87d97801b914e61e0f465780e68baf0e233f72f630ba
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1FF0A030B0A7508FD7E5CA28D1403AABBE4BB95710F04556ED883CB662DBB5A881CB81
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1788806494.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9700000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 75684bbbdd6592b5738492f524ace32c50ed1c7c88dbea4060f6dcab7842b6f5
                                                                                                                                                                                  • Instruction ID: 0b58e9c5e2cdf4d354268cb9a2cb0dced3a7e25c662df998417eabdd8dd9f0fe
                                                                                                                                                                                  • Opcode Fuzzy Hash: 75684bbbdd6592b5738492f524ace32c50ed1c7c88dbea4060f6dcab7842b6f5
                                                                                                                                                                                  • Instruction Fuzzy Hash: FA32F435A00209CFCB15CFA5D594A9DBBF2FF89314F24856AE919EB292D731E881CF50
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1788806494.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9700000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 2232fe0ead6647491e1a89c9ca5ceee2fa78e77b9bff205b13b8021c3ca98296
                                                                                                                                                                                  • Instruction ID: 8624e631ab6e3baee89fff69356c7edbb14b5e3017902de14c495496ab486840
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2232fe0ead6647491e1a89c9ca5ceee2fa78e77b9bff205b13b8021c3ca98296
                                                                                                                                                                                  • Instruction Fuzzy Hash: 51123631A00205CFDB18DF69C598A6ABBF2FF89704F148469E416DB3A6DB75EC41CB90
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1788806494.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9700000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: ff9fb8d633091526e654f5279721fe71e9a057410f27e5c8b9f3881a3c9271ba
                                                                                                                                                                                  • Instruction ID: d0223f8b4aaf8e110edd92a392b24b07720a7ac063470ebc018a6dde084cda81
                                                                                                                                                                                  • Opcode Fuzzy Hash: ff9fb8d633091526e654f5279721fe71e9a057410f27e5c8b9f3881a3c9271ba
                                                                                                                                                                                  • Instruction Fuzzy Hash: 6F022631A00319DFCB18DFA9C494AAEBBF2FF88310F148569E9169B395DB35D941CB90
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1788806494.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9700000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: bc311d4bd9199c7816ccda30aa8104e7e5fc8b4871f1eec7373291a0cbbd95c1
                                                                                                                                                                                  • Instruction ID: a6e216a8185cff3f7733abaeb97feb0077ba60e1e0d757b0cb1f80b42b6abeda
                                                                                                                                                                                  • Opcode Fuzzy Hash: bc311d4bd9199c7816ccda30aa8104e7e5fc8b4871f1eec7373291a0cbbd95c1
                                                                                                                                                                                  • Instruction Fuzzy Hash: EFE13B32B01215DFDB08DF69C8919ADBBF2FFC9701760456AD006DB3A4DB30AE058BA5
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: a88b9fab2cd8283201102c5b138cff78fa750d27228fb455994f58decb0b6d5f
                                                                                                                                                                                  • Instruction ID: 32a0afd7a52e00c9d21002a0af6d2c25ebb04152ba7d4ddfe77bfb1d0b618718
                                                                                                                                                                                  • Opcode Fuzzy Hash: a88b9fab2cd8283201102c5b138cff78fa750d27228fb455994f58decb0b6d5f
                                                                                                                                                                                  • Instruction Fuzzy Hash: B5F13C71A04619CFDB24DF69C940B9AF7B5FF88300F15C699E849AB215EB70E985CF80
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1788806494.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9700000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 5b71e71551cc0e5e201423a519050869b4b728f3cfbd9ae2a672bf2aa3393ba3
                                                                                                                                                                                  • Instruction ID: 9292d6e0b1bb465a5d245af6bd815229dfde67b948b759711837263fa24bfd68
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5b71e71551cc0e5e201423a519050869b4b728f3cfbd9ae2a672bf2aa3393ba3
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4AD10575B00205CFCB05DFA9D5949AEBBF2BF88310B1985A9E949DB3A1DB31EC41CB50
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1788806494.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9700000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 7a28f3840bea82ae67d29b3adaf037036f97f364c304a051295c27cf882ba4e9
                                                                                                                                                                                  • Instruction ID: a4b778b36112985922e9c5109a12240fd01002572b30440aa92b700b42434227
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7a28f3840bea82ae67d29b3adaf037036f97f364c304a051295c27cf882ba4e9
                                                                                                                                                                                  • Instruction Fuzzy Hash: 63410271B00214DFDB04EF7888517AEBBA6EBC4750F2484AAE906EB394DF349D4287D1
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1788806494.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9700000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 87f984000b2b55b84efbb2a116793d58a39444ec5a743f80fe50e85f755cb183
                                                                                                                                                                                  • Instruction ID: 98847d3f498f8114c5f366ca3e8547af061fde766b85f2142ba3629425c8b580
                                                                                                                                                                                  • Opcode Fuzzy Hash: 87f984000b2b55b84efbb2a116793d58a39444ec5a743f80fe50e85f755cb183
                                                                                                                                                                                  • Instruction Fuzzy Hash: A541AC71B003069FDB04DF68C584AAAB7F2FF85200F008569D4089B366EB71ED45CBA1
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 6215fecf4b08b207cb637e596e5d71432fdb788ca88bc84288c8ddc4468e7833
                                                                                                                                                                                  • Instruction ID: fa19a3cc05297092344e9913d52d98d0ce0047017daa66577dea80b62c3a5311
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6215fecf4b08b207cb637e596e5d71432fdb788ca88bc84288c8ddc4468e7833
                                                                                                                                                                                  • Instruction Fuzzy Hash: C341EF30A057569FC701DF68C98099AFFF5FF49300B00896AE0998B272D730F846CBA4
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 373952cf60478c4e69f2760fad5d5b9a3c9560f8aefb0723b8cd03215d95a00d
                                                                                                                                                                                  • Instruction ID: 61971898228eebe72e781b349f7ce8094a3e99f042e166c5bb9651f806f56330
                                                                                                                                                                                  • Opcode Fuzzy Hash: 373952cf60478c4e69f2760fad5d5b9a3c9560f8aefb0723b8cd03215d95a00d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8E31D836704254AFCB09EF79C81896F7BA6EFC8211754842DE40ADB391DF31DC1287A1
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: aacb22838f8c0c821b95a2d886ba8203f6567fe7954e2efd60d8ba7cde764b07
                                                                                                                                                                                  • Instruction ID: 42dcf7fbd32db77fe58e9258b70fe6a1aba461607c42c8c49680f2a5cb529af6
                                                                                                                                                                                  • Opcode Fuzzy Hash: aacb22838f8c0c821b95a2d886ba8203f6567fe7954e2efd60d8ba7cde764b07
                                                                                                                                                                                  • Instruction Fuzzy Hash: 22315E31B002546BC705AA79485046FFFE79FCA290B19C06AF8ADDB361DA37DC5387A1
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 25480cd906ec9c3b373c6cc577081c75854a3a30e74590a9be53aaf26a624296
                                                                                                                                                                                  • Instruction ID: 54dfd56261fb7367f9fbf6dbbe8cbab29ff1876ded03cbb44a7b11c104a96997
                                                                                                                                                                                  • Opcode Fuzzy Hash: 25480cd906ec9c3b373c6cc577081c75854a3a30e74590a9be53aaf26a624296
                                                                                                                                                                                  • Instruction Fuzzy Hash: E231E3302443019FD728DF35E89476AB7A3FBC8310F544A29D44A8B7A4DB70E88A8B95
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: ad1f5967774fd9758598f72bc7aa30ff902186e6da497b3506057ab8e2429fad
                                                                                                                                                                                  • Instruction ID: e246a57259c31e2423e7be0be329668f710612b3de5807d60986398e0ac56623
                                                                                                                                                                                  • Opcode Fuzzy Hash: ad1f5967774fd9758598f72bc7aa30ff902186e6da497b3506057ab8e2429fad
                                                                                                                                                                                  • Instruction Fuzzy Hash: FA31CF307043868FCB05DBB9D86565EBBF5EF85300B0085BAE446CB3A1EBB4D905CB91
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 7a5118caec8ae905b0e79bb5e32a1b74f13c3a394ef93b0340e6223623e70bbe
                                                                                                                                                                                  • Instruction ID: bdb5fda8d17e7b98adcfd6ac489ed7cddf00039c2b810933dd5afa74b3f81d1e
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7a5118caec8ae905b0e79bb5e32a1b74f13c3a394ef93b0340e6223623e70bbe
                                                                                                                                                                                  • Instruction Fuzzy Hash: 53419670A402059FDF09DFB8D950AAEBBB5FF99300F104569D011AB3A4DF39AD46CB90
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 1afb33ccef5a183f7decf2d67e476c6bfdf85d67355ea82310c761e3928c8477
                                                                                                                                                                                  • Instruction ID: e5102119dc98a74288307a3284da8534df6bd8571310d3230e03141b7f7a0312
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1afb33ccef5a183f7decf2d67e476c6bfdf85d67355ea82310c761e3928c8477
                                                                                                                                                                                  • Instruction Fuzzy Hash: CB316970A402059FDF09DFB8D950AAEB7B5FF98300F108569D115AB364DF39AE46CB90
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1788806494.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9700000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: d47e7ffcf71a2b588a9aa703bffc6924649bce3e2f1f0267c32ed5274eed0187
                                                                                                                                                                                  • Instruction ID: bb30f2758db50002c0e0e40cb2cb6a1c0a32984be2f51022ae11022ad9b5133c
                                                                                                                                                                                  • Opcode Fuzzy Hash: d47e7ffcf71a2b588a9aa703bffc6924649bce3e2f1f0267c32ed5274eed0187
                                                                                                                                                                                  • Instruction Fuzzy Hash: D7214B76704204EFDB05CF95DC84DAABBEAEBC8361B04842AF608CB2A2D771D810DB54
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1788806494.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9700000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: d87d0b6965769b5bb286186ac647ef7e1b2e63475260be9f6a2e947668a0dfab
                                                                                                                                                                                  • Instruction ID: 376fee200326db0a44a0e1f92a6a3216f307dcaa87bb1d547fe8d823de95ea1a
                                                                                                                                                                                  • Opcode Fuzzy Hash: d87d0b6965769b5bb286186ac647ef7e1b2e63475260be9f6a2e947668a0dfab
                                                                                                                                                                                  • Instruction Fuzzy Hash: 91319A72B04205DFDB159F29C895A6ABBF6EFC5720F54806AE812DB3A2C730DD41C790
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: a3b23f9c07280ae96e7dd758336dd60b89a03031d94ec4b551664f9bad228940
                                                                                                                                                                                  • Instruction ID: 8f03cb73c72bac4643303b094eeaf16f299886539624bc1e6d0ee4d874c354d1
                                                                                                                                                                                  • Opcode Fuzzy Hash: a3b23f9c07280ae96e7dd758336dd60b89a03031d94ec4b551664f9bad228940
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1021D631B00114ABEB14ABB98D41BAF7AF6FFC8B20F248519E154BB3C8DA715C0187D4
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 5988c8a5221b79554331ce275326304824e01b3b4ceeefd054ef7e9bf7bcc090
                                                                                                                                                                                  • Instruction ID: b771eb0aa436c1fc6c1e46c2ec7e92753a31cf1140efe6e8fdfaf0ac1ca0c4da
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5988c8a5221b79554331ce275326304824e01b3b4ceeefd054ef7e9bf7bcc090
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7621B530B001146BEB14AFBD8D41BAF7AF6FFC8B20F108519E114AB3C4DA716C0187A4
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1788806494.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9700000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 71728043ab9192bffb314db78b7b6c8abd83c7f083a6ca4f8844f12c366cdb28
                                                                                                                                                                                  • Instruction ID: 11e79cdd1144f0da4b46e5e086bb797c8c86f5dcf191935776ae0b768c782ceb
                                                                                                                                                                                  • Opcode Fuzzy Hash: 71728043ab9192bffb314db78b7b6c8abd83c7f083a6ca4f8844f12c366cdb28
                                                                                                                                                                                  • Instruction Fuzzy Hash: 4C21AD75700255AFDB149FE5D818ABE7BAAFB89B80F004429F806D7381DA759D048BA1
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1777616722.000000000144D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144D000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_144d000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: bce35c9f7588cc55eb84d4776d1af66ea8440879e8d050d0ef8cecadde30f778
                                                                                                                                                                                  • Instruction ID: 152b4da88a77237e8be467da54be3ce19f5f9919dbf90bcb374f53e7fc4184ea
                                                                                                                                                                                  • Opcode Fuzzy Hash: bce35c9f7588cc55eb84d4776d1af66ea8440879e8d050d0ef8cecadde30f778
                                                                                                                                                                                  • Instruction Fuzzy Hash: 36210871900280DFEB06DF54D9C0B27BFA5FB98314F24C26AE9094B366C33AD416CB61
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 372c5acd8aa61faab9fa1ab436331892704134905c7e756f930438eaad089d9e
                                                                                                                                                                                  • Instruction ID: 9938278797a09748ab6730141136837f941db6e8f1731b465355fb2d09de65a1
                                                                                                                                                                                  • Opcode Fuzzy Hash: 372c5acd8aa61faab9fa1ab436331892704134905c7e756f930438eaad089d9e
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7C218135B101198FDB48DF69D454BEEBBF6AF88701F10406AE506EB3A4CBB09C01CBA1
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1777616722.000000000144D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144D000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_144d000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 933fe302aa1b8ed94efc7b2c2caf7d092523bf7b98555da3acfa75451d031302
                                                                                                                                                                                  • Instruction ID: 91b08ad29ba5320812674f61c10ca55849c201da0cea8fe51bbc65d2f8cfa0b9
                                                                                                                                                                                  • Opcode Fuzzy Hash: 933fe302aa1b8ed94efc7b2c2caf7d092523bf7b98555da3acfa75451d031302
                                                                                                                                                                                  • Instruction Fuzzy Hash: 25212571A00240DFEB05DF58D9C0B2BBF65FBA8318F20C56AE9094B366C736D456CAE1
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1777616722.000000000144D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144D000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_144d000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 04a332131e0684a0df8640d1c69df063bb8b46e981b20f72548b4a615b78ef83
                                                                                                                                                                                  • Instruction ID: 2badf2f49d3f280e3e6617bc7e5c9a19e7376656ebbd626b88b2f2f9c44cae3b
                                                                                                                                                                                  • Opcode Fuzzy Hash: 04a332131e0684a0df8640d1c69df063bb8b46e981b20f72548b4a615b78ef83
                                                                                                                                                                                  • Instruction Fuzzy Hash: CF210671900204DFEB05DF58D9C0B57BF65FBA4324F20C17AE9094B366C33AE456CAA1
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: ae1bc6d79bb9b679ed6b584163246a07c56e7d7039be20346eb6cdf94dabc4fa
                                                                                                                                                                                  • Instruction ID: a68bf69e1df761e2017eb889bb12139a58216a8345e39867f2641ec8cd8ca56c
                                                                                                                                                                                  • Opcode Fuzzy Hash: ae1bc6d79bb9b679ed6b584163246a07c56e7d7039be20346eb6cdf94dabc4fa
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1E31F2B1D00259DFCB10DFAAD884ADEFBF5FB48324F14842AE819A7250D7749955CF90
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1777735232.00000000015AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015AD000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_15ad000_VLAD SANELI.jbxd
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1788806494.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9700000_VLAD SANELI.jbxd
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1788806494.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9700000_VLAD SANELI.jbxd
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1788806494.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9700000_VLAD SANELI.jbxd
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1777735232.00000000015AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 015AD000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_15ad000_VLAD SANELI.jbxd
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1777616722.000000000144D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144D000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_144d000_VLAD SANELI.jbxd
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1777616722.000000000144D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144D000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_144d000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1777616722.000000000144D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0144D000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_144d000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1788806494.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9700000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1788806494.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9700000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 4b6bd3d4c857f09dcd0ebc26f3bc186db8434c5a0ee658613c254ade73138d6a
                                                                                                                                                                                  • Instruction ID: e8446fb3a0e3989e284168f70279d338d5ba9ddd8e896e3a77a901511081a393
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4b6bd3d4c857f09dcd0ebc26f3bc186db8434c5a0ee658613c254ade73138d6a
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3C015A71E022199F8B5CDFAAA9911AEFFF6BFC8310F20803ED44AE7254D63049018B90
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 34f1b333c039e9e8fa08fae150bbf886fd5a6ec0f4282be781a948f9a7a228fb
                                                                                                                                                                                  • Instruction ID: 73f9bffc8abbdbce8c74bd26066945f8f8de1a20bb7b8b0f92bf1893cd6ae1aa
                                                                                                                                                                                  • Opcode Fuzzy Hash: 34f1b333c039e9e8fa08fae150bbf886fd5a6ec0f4282be781a948f9a7a228fb
                                                                                                                                                                                  • Instruction Fuzzy Hash: 86F0C8337002196B4B14DE9AAC4097FB7EEFBC4660714853AF505C3240DB32D9068760
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 54a8414936353022aa8648464e8d33bb9774ab7ce24623895b3d980e0521ee75
                                                                                                                                                                                  • Instruction ID: bf66412f86aa636d9d6500428334acefe3f6371782dde61a50e953a8f740a335
                                                                                                                                                                                  • Opcode Fuzzy Hash: 54a8414936353022aa8648464e8d33bb9774ab7ce24623895b3d980e0521ee75
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3E11E0B1D042598FCB24CFAAD844ADEFBF4EB48314F10852AD859A7250C378A545CFA5
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: abf2b74dadf5d1f0888d94b6b39c23ae5d12ef64f10df65fa7e7b18996e1e419
                                                                                                                                                                                  • Instruction ID: 683514b13068e6fb502579b36e8247c2339d38dfcb3b1ba0d283b7c9d4982d0b
                                                                                                                                                                                  • Opcode Fuzzy Hash: abf2b74dadf5d1f0888d94b6b39c23ae5d12ef64f10df65fa7e7b18996e1e419
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3A018636300154AF8B05BAA9985056F66A7DFC9210724C02AA909AB395EE37DC1397A1
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 0bdece60c4b7fe1fcfe50445cd70903d79898cae7e51e07c920465b597db993d
                                                                                                                                                                                  • Instruction ID: c98a4f85dbac2c826650268c489c8759a15cefb1139d7aea2a08bad03040e275
                                                                                                                                                                                  • Opcode Fuzzy Hash: 0bdece60c4b7fe1fcfe50445cd70903d79898cae7e51e07c920465b597db993d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 73014830E01615DFCB64DF78C8042AEBAF5FB8A310F00842AE85AD7210E7758942CB95
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1788806494.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9700000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 669b8624d2dd4da43dad7a8b7aee7fc7caee2f4344f97df64fae48a0a4f894a3
                                                                                                                                                                                  • Instruction ID: 3b38ff746d98aa98b051266435a1fdc2b58e36797751003786676a355a08e6ad
                                                                                                                                                                                  • Opcode Fuzzy Hash: 669b8624d2dd4da43dad7a8b7aee7fc7caee2f4344f97df64fae48a0a4f894a3
                                                                                                                                                                                  • Instruction Fuzzy Hash: 27014F71B0010AAFCF18DFA5DC949EFBBB6FFD9350B10813AE549D2260D7319A158B90
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1788806494.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9700000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 535c191910e50a5449762cc2d321fb1d6e032316dfc95837b66ab7b119544372
                                                                                                                                                                                  • Instruction ID: 2f2b21a7992c12dc49b49bdbdef238e4fe4ef476f9d7cf2bd1636d31689af9c1
                                                                                                                                                                                  • Opcode Fuzzy Hash: 535c191910e50a5449762cc2d321fb1d6e032316dfc95837b66ab7b119544372
                                                                                                                                                                                  • Instruction Fuzzy Hash: E4F0C273B041149BDB55DA59E014A6EBBE6DBC4770B14803AE908CB390DA36ED82CBD0
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 8242d2f1e722f533dff6a56caae9bce74d61d49a8e5834aaa903eaa5b6d2b880
                                                                                                                                                                                  • Instruction ID: c8d4e89ee4317a518212758efc577f50f1eef93b15c0434effbc1c8150e061dd
                                                                                                                                                                                  • Opcode Fuzzy Hash: 8242d2f1e722f533dff6a56caae9bce74d61d49a8e5834aaa903eaa5b6d2b880
                                                                                                                                                                                  • Instruction Fuzzy Hash: C6F0AF317561049BE308CA2C946477FBBA6DBC4314F24442E980AAB350DB32DC4287A0
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 99a6ede0800e3b217544bf17a4af25fddb66d680fa7e34a0993866db51d6318d
                                                                                                                                                                                  • Instruction ID: 08b9fe73e2be7fabefd27ebcd61c1372b823fce69fa2063eab6197c77dd15d12
                                                                                                                                                                                  • Opcode Fuzzy Hash: 99a6ede0800e3b217544bf17a4af25fddb66d680fa7e34a0993866db51d6318d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3E110DB1C043488FCB20DF9AD444BCEFBF4EB48324F10852AD859A7210C378A544CFA5
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1788806494.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9700000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 5081ecd8e530c27e271031c466f7e19a32eb5df174cb082a353ed7174a8442b2
                                                                                                                                                                                  • Instruction ID: 287d6fe848552f0e47797b3af4ed74caa97ace5dc77a8efd1adcbe92495d9b13
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5081ecd8e530c27e271031c466f7e19a32eb5df174cb082a353ed7174a8442b2
                                                                                                                                                                                  • Instruction Fuzzy Hash: 1DF04037B143408FC7168B39E860996BBE1ABC9210B0680BBE559C73A3D660DC08C790
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 575f87c4a98aa0e6097e6026e522a78cabf1ab82e2807aa20d179f8c20e21e3d
                                                                                                                                                                                  • Instruction ID: 862c6ba11e2ddb38d61f3d8a8e51aebcc32ad9d1332404cee52a38fdc2a62150
                                                                                                                                                                                  • Opcode Fuzzy Hash: 575f87c4a98aa0e6097e6026e522a78cabf1ab82e2807aa20d179f8c20e21e3d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 5AF0B4317061044BE31CCA1DD46477FB79ADBC5324B24447E980AAB350DF77EC8283A0
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 7acd934dfb8d1790b7e3a9c03b751d01adf53830a0d8f835b8ca7d7891f32a27
                                                                                                                                                                                  • Instruction ID: 8bfa801fbe0a9c4f0c89d4358d0a7cf2b89d556c7050a51897ee0a6ad48a1e23
                                                                                                                                                                                  • Opcode Fuzzy Hash: 7acd934dfb8d1790b7e3a9c03b751d01adf53830a0d8f835b8ca7d7891f32a27
                                                                                                                                                                                  • Instruction Fuzzy Hash: 59F09E7378D2495FD711CF6C9C4205677A4EBD5366B0D49DFE84B8E1AAE90484038312
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 232348d5cfe39f3f0edea42c170368b4033dac3b7f6e642736483ef37a539bac
                                                                                                                                                                                  • Instruction ID: 28f67deb0897959364d87b2b2cb65d02ec145dd9f9b021e742e75c9c59de2579
                                                                                                                                                                                  • Opcode Fuzzy Hash: 232348d5cfe39f3f0edea42c170368b4033dac3b7f6e642736483ef37a539bac
                                                                                                                                                                                  • Instruction Fuzzy Hash: E3F040303082515FC709A67CE40061A7BF5EBCA700341007AF006CF3A9CA20DC068B92
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 53f90f80f2d5f593fea0c223b07c23be8021ef4d0617b8cc01675a0f2f87213e
                                                                                                                                                                                  • Instruction ID: 24e0abdef7c3c2854fe301f73e53a8a1be8384a30310704dbbcb1815a160bc80
                                                                                                                                                                                  • Opcode Fuzzy Hash: 53f90f80f2d5f593fea0c223b07c23be8021ef4d0617b8cc01675a0f2f87213e
                                                                                                                                                                                  • Instruction Fuzzy Hash: 93F0E9333002196F8B05AF9898049AF7FAFFBCC220F004029F909C3250CA328D1257A5
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 2a604d05e9b73a7de27bad98986fe0ca37b7315357926ffebbe6c698c337d742
                                                                                                                                                                                  • Instruction ID: f5c5f86ef748cced0f6d5e3e1fd23f04dda63768279a5bb794f66e4767f11972
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2a604d05e9b73a7de27bad98986fe0ca37b7315357926ffebbe6c698c337d742
                                                                                                                                                                                  • Instruction Fuzzy Hash: 55F0E9465093C2ABD31133741C203896FB58FC7290F1E94938054E73D2FD65885283D3
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1788806494.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9700000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: d9e313312e786d8105ded0c9d6a4ad89f73ab0ff01946acfbca3d6ab96fb1038
                                                                                                                                                                                  • Instruction ID: 1a681c271f04c2e0b3ae7eb8a76e5dcaf2c9b8172ca4778f43b1f9351d89654a
                                                                                                                                                                                  • Opcode Fuzzy Hash: d9e313312e786d8105ded0c9d6a4ad89f73ab0ff01946acfbca3d6ab96fb1038
                                                                                                                                                                                  • Instruction Fuzzy Hash: 38F0FE323002109F8219EB79D89095AB7E6FBC9651341567DD50ACB755DE71EC01C7D4
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 946aa9078b5f20bc27625f83167185e6b12957c6b27d7e8f8c67318db9952bb8
                                                                                                                                                                                  • Instruction ID: 8bb3e9429d6594900ba42308ce8d373b436eb19b4eaccb236a40f1dd734b2926
                                                                                                                                                                                  • Opcode Fuzzy Hash: 946aa9078b5f20bc27625f83167185e6b12957c6b27d7e8f8c67318db9952bb8
                                                                                                                                                                                  • Instruction Fuzzy Hash: B3F05E3064A250AFC749DBA8E450A5EBFF4DB85310F0040AEF40DDF295DA749C428B92
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 33b7a32dc326ce03c78cffeb21340d5d4f30cf5a3b2711012915c231656585c3
                                                                                                                                                                                  • Instruction ID: a6e7dc3c732e5336b64bc1dad35d6a56313ae4fbc58c85ec8e8e64a5792241f0
                                                                                                                                                                                  • Opcode Fuzzy Hash: 33b7a32dc326ce03c78cffeb21340d5d4f30cf5a3b2711012915c231656585c3
                                                                                                                                                                                  • Instruction Fuzzy Hash: 82F03A71A002269FC784DFB899456AE7BF0BF99340B114079D51ADB360D7308A018B91
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 10fe816d96e89f9cee21ebeb5ffe449820c777ccdf7ff29e499cc96e652829e4
                                                                                                                                                                                  • Instruction ID: 839ffa744d8c6a6aaa5ff48d424312f8ee59fe33bd22043cf5d17a4ed1d85ba0
                                                                                                                                                                                  • Opcode Fuzzy Hash: 10fe816d96e89f9cee21ebeb5ffe449820c777ccdf7ff29e499cc96e652829e4
                                                                                                                                                                                  • Instruction Fuzzy Hash: F2F05C325490501FE3218B9DD894AAA1F65FFC535075944AFD484CF276D8158C44C361
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1788806494.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9700000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 34c1baf743ed36c45561c628e496d1ff7d1fe7d589c0c4dcf8ff032451894f46
                                                                                                                                                                                  • Instruction ID: afb9e8eceb1dd9715268c16d89bb0cac0011988380b1bc0cba0cdea98a8db8b8
                                                                                                                                                                                  • Opcode Fuzzy Hash: 34c1baf743ed36c45561c628e496d1ff7d1fe7d589c0c4dcf8ff032451894f46
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8BE02B32609284AF8F214AAD6C018DF7F75DACB370704807FF905D7152C1704915C761
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1788806494.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9700000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1788806494.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9700000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1788806494.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9700000_VLAD SANELI.jbxd
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1788806494.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9700000_VLAD SANELI.jbxd
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1788806494.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9700000_VLAD SANELI.jbxd
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1788806494.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9700000_VLAD SANELI.jbxd
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1788806494.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9700000_VLAD SANELI.jbxd
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1788806494.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9700000_VLAD SANELI.jbxd
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1788806494.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9700000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 038bb843239797ef59cafdefd413b8c996da734204a03a3b49d02fa6244b7f97
                                                                                                                                                                                  • Instruction ID: 66025972ad006a6906a2c24783613542dec6b360ed7eba1af1985850cd4886fc
                                                                                                                                                                                  • Opcode Fuzzy Hash: 038bb843239797ef59cafdefd413b8c996da734204a03a3b49d02fa6244b7f97
                                                                                                                                                                                  • Instruction Fuzzy Hash: F8D022305082884FCB028B2CE822089BFE0EBE2320B0405B3C489CB873D26E8813C6A1
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: acf27cfdb1b68da990cf729cccb46557adc722af78610ffd371b453af71bca71
                                                                                                                                                                                  • Instruction ID: 857cfe7780c9e5b0f851014e78317ed0c8ae62df067ab71fb47134ada7e23f9e
                                                                                                                                                                                  • Opcode Fuzzy Hash: acf27cfdb1b68da990cf729cccb46557adc722af78610ffd371b453af71bca71
                                                                                                                                                                                  • Instruction Fuzzy Hash: BDC04C3BB000189B8B149A95FC040EC7734DAC82B2B440865ED1BE3240D62019958B90
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: bbb36e57da1f19d492b7fe0fa9e374125ae4d60cedb68ef689ef6ce259523ced
                                                                                                                                                                                  • Instruction ID: 223957cd384d012659e0b8dd14f4ed09066cf63df52e87943b5c27667b680d9d
                                                                                                                                                                                  • Opcode Fuzzy Hash: bbb36e57da1f19d492b7fe0fa9e374125ae4d60cedb68ef689ef6ce259523ced
                                                                                                                                                                                  • Instruction Fuzzy Hash: CEB092251A8240A18400AAA84980A6B9580ABB2700B40AC112B0A400E8842294659A2A
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 5ae82ac87f1b59b33c3effc850a11ac1637f697bafb7bac4bc7030a59f10aeeb
                                                                                                                                                                                  • Instruction ID: fd85a18d0138ba5718e79c9fcb7a2680164da5697bc0fcaf20173f758edec782
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5ae82ac87f1b59b33c3effc850a11ac1637f697bafb7bac4bc7030a59f10aeeb
                                                                                                                                                                                  • Instruction Fuzzy Hash: 0EC09B5445554445D5191E5049513856751FF51554F8851EEC490095C3751D004BD7D7
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 34df0fa828e47d1d9ff4fa90005358f8eb85ff28238f70af3ae8c946bfd66596
                                                                                                                                                                                  • Instruction ID: 6e6a27182fb03500c2a7bd055346f916c425ae61774c91f15a8e4588c3fa4d4f
                                                                                                                                                                                  • Opcode Fuzzy Hash: 34df0fa828e47d1d9ff4fa90005358f8eb85ff28238f70af3ae8c946bfd66596
                                                                                                                                                                                  • Instruction Fuzzy Hash: 51B012350057454ED50CAF94DDD0B89A770FFA0210FCC12FAC0001A387F95C8252E3D9
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1788806494.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9700000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: b76679b0a354449729844e828cdbdd8dc5f87ab3334555cc76ca9f307cd6f9ad
                                                                                                                                                                                  • Instruction ID: a0ccf6e4bed68dc0c69f5d0bbd707ad7c253f4111acce2a0e91a8f8d8fd4bd45
                                                                                                                                                                                  • Opcode Fuzzy Hash: b76679b0a354449729844e828cdbdd8dc5f87ab3334555cc76ca9f307cd6f9ad
                                                                                                                                                                                  • Instruction Fuzzy Hash: 03B092351602088F82409B68E448C00B3E8AB08A243118090E10C8B232C621F8008A40
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1788806494.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9700000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 071606f9ac93cf8249539b6597799d487efc42b6685d35dff925687fe447caac
                                                                                                                                                                                  • Instruction ID: 8a77fed616b47a4429056de24ea6752656ed7f869c61f96983e84a7b1b2b211a
                                                                                                                                                                                  • Opcode Fuzzy Hash: 071606f9ac93cf8249539b6597799d487efc42b6685d35dff925687fe447caac
                                                                                                                                                                                  • Instruction Fuzzy Hash: 74B092341506088F82009B58E448C4473E8AB08A253114090E1088B232C621FC408A40
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1788806494.0000000009700000.00000040.00000800.00020000.00000000.sdmp, Offset: 09700000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9700000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 6023ee60d89a620fca87f7ab44f912faa008db9e1e8908111c342b43f8bc2178
                                                                                                                                                                                  • Instruction ID: a91972ea4d0e20d0beb80a65c0f3e6fd7701637b8a44abad5d56fdf9f5da0915
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6023ee60d89a620fca87f7ab44f912faa008db9e1e8908111c342b43f8bc2178
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3EB0127404060E4FCA406794F505504771DE5443047405620A00E4A626EA6B7C4A4696
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 2f29952d46fbf2e2478c1101239c01d1898f33b44327b7da0fb2c325f192c6e3
                                                                                                                                                                                  • Instruction ID: 14b1534cd4760bb1ce9810b82dfdd259657982a3838ac96d16a575ef118bfae1
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2f29952d46fbf2e2478c1101239c01d1898f33b44327b7da0fb2c325f192c6e3
                                                                                                                                                                                  • Instruction Fuzzy Hash: 9CA022A32B0000C3B000A0208C02A02020002F8B3A3B0E8220B02822E2C8A8E033832B
                                                                                                                                                                                  • Source File: 00000001.00000002.1790021765.0000000009950000.00000040.00000800.00020000.00000000.sdmp, Offset: 09950000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_1_2_9950000_VLAD SANELI.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: (_^q$(_^q$$^q$$^q$$^q
                                                                                                                                                                                  • API String ID: 0-142850551
                                                                                                                                                                                  • Opcode ID: be1184967fc5bee4aaaf4417502428916e67b433f2fb3a9b91007cffe21a8d69
                                                                                                                                                                                  • Instruction ID: ad093dc9ba9412c9c7e40c8e9bf9aab05031f33835f33f90fc8270ddb540b96e
                                                                                                                                                                                  • Opcode Fuzzy Hash: be1184967fc5bee4aaaf4417502428916e67b433f2fb3a9b91007cffe21a8d69
                                                                                                                                                                                  • Instruction Fuzzy Hash: BEC14FB0A402089FDB45DFB9D950A9DBBB6FF98700F10892AD015AB364DF35AD46CF50
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Strings
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.3000105158.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd9b8b0000_WINChamsBPCrack.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID: _
                                                                                                                                                                                  • API String ID: 0-701932520
                                                                                                                                                                                  • Opcode ID: e5a89e312876b693f2f33807bdfc01f81a275b33c29fe5c19f82a2c0ace15c9c
                                                                                                                                                                                  • Instruction ID: 34053f55f4029e63cee5aba3c0cd9b065ba9286c0c301016326269648d50c84c
                                                                                                                                                                                  • Opcode Fuzzy Hash: e5a89e312876b693f2f33807bdfc01f81a275b33c29fe5c19f82a2c0ace15c9c
                                                                                                                                                                                  • Instruction Fuzzy Hash: 27113A92E1F6DA9BF73227F50C661A87FA0FF66600F5A40B6C099450F3DD18A714CAC1
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.3000105158.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd9b8b0000_WINChamsBPCrack.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 5709dbbc827903a8493915bee5626b3075b682066ed8e8c7eb603c72e6d671e0
                                                                                                                                                                                  • Instruction ID: 531d1fa17a97b95362d3058e33ae34a2593856f1ff628446c59de930620daea0
                                                                                                                                                                                  • Opcode Fuzzy Hash: 5709dbbc827903a8493915bee5626b3075b682066ed8e8c7eb603c72e6d671e0
                                                                                                                                                                                  • Instruction Fuzzy Hash: E0B1B431A0E6C94FE756DBB888756E9BFB0EF4A310F0804EED099DB1A3DA192546C741
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.3000105158.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd9b8b0000_WINChamsBPCrack.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: f8b8d064eaaa5d0f250ce75841315f63fb6bbaf1b008c28fed5c631509417298
                                                                                                                                                                                  • Instruction ID: f45a0fa8f522db1e74386265c70df0cb972230c95a1f08ff270317dfcf7b7c4d
                                                                                                                                                                                  • Opcode Fuzzy Hash: f8b8d064eaaa5d0f250ce75841315f63fb6bbaf1b008c28fed5c631509417298
                                                                                                                                                                                  • Instruction Fuzzy Hash: A781F530A0899D8FDB94EF68C894BAAB7A1FF59301F4505E4A44DD72A6CA74ED81CF40
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.3000105158.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd9b8b0000_WINChamsBPCrack.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 165b6521dda7d2d4ab81b418f913e87d48140c968fa51020867c9deb1d35ba2b
                                                                                                                                                                                  • Instruction ID: 63200132bb1344eb939d5a498584eac104eb8982518d7a2dee7d6b395590b742
                                                                                                                                                                                  • Opcode Fuzzy Hash: 165b6521dda7d2d4ab81b418f913e87d48140c968fa51020867c9deb1d35ba2b
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2C71A130E19A5D8FDB55EBA8C465AEDBBB0FF49311F5400BED04DD72A6CA386941CB80
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.3000105158.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd9b8b0000_WINChamsBPCrack.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 77c5e8d50a4e2024376ea71f4611d5e0b3d3ae301a1a16044716d77933b72564
                                                                                                                                                                                  • Instruction ID: c368c1f88b9f647b9991ac423e607afa590f27f0a4b10e1dc29b0a4b1669dbce
                                                                                                                                                                                  • Opcode Fuzzy Hash: 77c5e8d50a4e2024376ea71f4611d5e0b3d3ae301a1a16044716d77933b72564
                                                                                                                                                                                  • Instruction Fuzzy Hash: 41711830A09A9D8FDB94EF58C855A9AB7B1FF59300F4505E4D41DD72A2CA74ED808F40
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.3000105158.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd9b8b0000_WINChamsBPCrack.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 580c78ff078e4dff133421579298c8639ae8370ce9d87e43bcfa486bd0f932b1
                                                                                                                                                                                  • Instruction ID: 83c0ac5d02019c6793b6e854d22fe21c78ea72437cd12d902d60e851ec10d631
                                                                                                                                                                                  • Opcode Fuzzy Hash: 580c78ff078e4dff133421579298c8639ae8370ce9d87e43bcfa486bd0f932b1
                                                                                                                                                                                  • Instruction Fuzzy Hash: CC711632A0D7C94FE71A8B3898656A43FE1EF5A310F0941FFC449CB1E7D929550AC791
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.3000105158.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd9b8b0000_WINChamsBPCrack.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 43ad6f74c65f4533ca6159edd28736df93cdd976382fcf190c03fc4530bac59d
                                                                                                                                                                                  • Instruction ID: ebf1b419bcdf94466d4eb9c9eb0cfd0552ba5dd1454e70bdec16b446b1c10925
                                                                                                                                                                                  • Opcode Fuzzy Hash: 43ad6f74c65f4533ca6159edd28736df93cdd976382fcf190c03fc4530bac59d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7D71D23061899D8FDB94EF68C894B9AB7B1FF59301F4509E4A44DE7266CA74ED80CF40
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.3000105158.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd9b8b0000_WINChamsBPCrack.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 65bdb5c89e1190cbe80e93019f44ca360e134d8a018393efeed2f5a89a81e2f5
                                                                                                                                                                                  • Instruction ID: 72f175ae9ee4eb383dba11913deb457197511a8d63525ecc5616eb0cb22800ff
                                                                                                                                                                                  • Opcode Fuzzy Hash: 65bdb5c89e1190cbe80e93019f44ca360e134d8a018393efeed2f5a89a81e2f5
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3C611071A1995D4FDB98EB58C8A4BE9B7B1FF58304F0041FAD41DD31A6DE34AD828B40
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.3000105158.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd9b8b0000_WINChamsBPCrack.jbxd
                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.3000105158.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd9b8b0000_WINChamsBPCrack.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 4d197e3e31fe37d2a2e021403583e2c9b7f54e18d501c0e812c38e9516036346
                                                                                                                                                                                  • Instruction ID: e514c274970cbae5b50ffbabdf101445c5363864c8b64d08619bbc85145910a0
                                                                                                                                                                                  • Opcode Fuzzy Hash: 4d197e3e31fe37d2a2e021403583e2c9b7f54e18d501c0e812c38e9516036346
                                                                                                                                                                                  • Instruction Fuzzy Hash: 2F31B531A18A8E4FDB99EF58D8606EEB7B1FF58310F0401B6D019D71EADE34A941CB80
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.3000105158.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd9b8b0000_WINChamsBPCrack.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 08dfddfaf62dfd408108b57263c9d994522600f6d493f3bdb6d7294dbd4b6e38
                                                                                                                                                                                  • Instruction ID: 475688ebebc7d8c185530e686186af2ea85c0b8ab4ef82a99a88f9777d71b132
                                                                                                                                                                                  • Opcode Fuzzy Hash: 08dfddfaf62dfd408108b57263c9d994522600f6d493f3bdb6d7294dbd4b6e38
                                                                                                                                                                                  • Instruction Fuzzy Hash: A6313A34A08A5C8FDB94EB18C898FA9B7F1FB69301F5544EA944DE7261CA71AD85CF00
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.3000105158.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd9b8b0000_WINChamsBPCrack.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: da6bf8d023f24afbfc6453e5809e56401ad315c9dbda7678edf261b8f288f41a
                                                                                                                                                                                  • Instruction ID: 83d7c36f9a4008ab65601daec7599775bf3115f3c7950007b456a00b1a5a9f08
                                                                                                                                                                                  • Opcode Fuzzy Hash: da6bf8d023f24afbfc6453e5809e56401ad315c9dbda7678edf261b8f288f41a
                                                                                                                                                                                  • Instruction Fuzzy Hash: BA21373194D29E4FDB52AFB498215EA3FB0EF49310F0900BBE058D75D2DA2C5696CBD1
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.3000105158.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd9b8b0000_WINChamsBPCrack.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: cf496b3c5dd2e3f71b5447a40dc6179381e01d3c5c30d96d9b0a2cac45fbb55e
                                                                                                                                                                                  • Instruction ID: 20167914369c415facc93ba28cae3ea4084cfef8f702da100b9718a4f260d696
                                                                                                                                                                                  • Opcode Fuzzy Hash: cf496b3c5dd2e3f71b5447a40dc6179381e01d3c5c30d96d9b0a2cac45fbb55e
                                                                                                                                                                                  • Instruction Fuzzy Hash: 14213822A0E3DA0FD71AD7784CA05A07B61DF57310B0A02FBC444CB1F7EA18A916C782
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.3000105158.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd9b8b0000_WINChamsBPCrack.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 2fe0c777091e2a1c5ed048519bc1d00e5354ebf39ebf04e19b10f6cad4dcdabe
                                                                                                                                                                                  • Instruction ID: efdc7bac1a5cdf674f048684af497352dfeb630b61548be4ea0831a3b5403c77
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2fe0c777091e2a1c5ed048519bc1d00e5354ebf39ebf04e19b10f6cad4dcdabe
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3C211B30A1861D8FDF98EF58C855AEEB7F1FF59310F050169E419E7290CB34A950CB91
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.3000105158.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd9b8b0000_WINChamsBPCrack.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: d8d5dbbe4af79e2d23c1172f0c7bb81f6f16388acfb2bba55047ad80f788beb3
                                                                                                                                                                                  • Instruction ID: 6e46f22efd56a74386857d4e6616816ff181e5b58ebec075595792d4556a211c
                                                                                                                                                                                  • Opcode Fuzzy Hash: d8d5dbbe4af79e2d23c1172f0c7bb81f6f16388acfb2bba55047ad80f788beb3
                                                                                                                                                                                  • Instruction Fuzzy Hash: E0119471A1C6498FC76CDF18C055969B3E5FBA8301F45467ED54ACB260DA30D9418BC1
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.3000105158.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd9b8b0000_WINChamsBPCrack.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 2df2c159d30ca01eb4419290565f7d71573c4d2bbd780bbcde1bf94bb3d96ffa
                                                                                                                                                                                  • Instruction ID: 16fd7b79c15a4782b6a9817826d63d67e8a7c1351baef8f70eb9550ca73a8972
                                                                                                                                                                                  • Opcode Fuzzy Hash: 2df2c159d30ca01eb4419290565f7d71573c4d2bbd780bbcde1bf94bb3d96ffa
                                                                                                                                                                                  • Instruction Fuzzy Hash: 7611F570609A598FCB98DF2CC899AE8B7E1EF59300F4500E9E44DDB262CA71ED85CB00
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.3000105158.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd9b8b0000_WINChamsBPCrack.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 474eafbd085fe7e274792b1315889ddb4a4c580ee0a52c197b39bcdb6ef7ceee
                                                                                                                                                                                  • Instruction ID: 6443806933f6774cc11cf4dc870c8e1d987421c034e8486472a8cc1bbb410984
                                                                                                                                                                                  • Opcode Fuzzy Hash: 474eafbd085fe7e274792b1315889ddb4a4c580ee0a52c197b39bcdb6ef7ceee
                                                                                                                                                                                  • Instruction Fuzzy Hash: 00117875B0D3098FE334CBB484955BAB7D1EF49314F1246BDC049872A1EA39A6068FC2
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.3000105158.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd9b8b0000_WINChamsBPCrack.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 6ba1c02765ee930641beced890266db05b014d23cb0a40301f9c0af01254a28a
                                                                                                                                                                                  • Instruction ID: f7a4084dd2c990eb590708b8a346cfb2fe51bcc8f69dd16dea9cd79285c65099
                                                                                                                                                                                  • Opcode Fuzzy Hash: 6ba1c02765ee930641beced890266db05b014d23cb0a40301f9c0af01254a28a
                                                                                                                                                                                  • Instruction Fuzzy Hash: CD116D32E1891E8FDB54EFA8D8156FFB7B0FB98315F00003AE519E2294DA39A554CBD0
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.3000105158.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd9b8b0000_WINChamsBPCrack.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.3000105158.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd9b8b0000_WINChamsBPCrack.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 16abf9b44cb95cdfd210a37d1b585a083d96045df96f6327a767dcd5aa81177f
                                                                                                                                                                                  • Instruction ID: 3138f81db0d512ea2eb9c8d417e2ecabad60522f37a307c113f456cb5da5d9c7
                                                                                                                                                                                  • Opcode Fuzzy Hash: 16abf9b44cb95cdfd210a37d1b585a083d96045df96f6327a767dcd5aa81177f
                                                                                                                                                                                  • Instruction Fuzzy Hash: 3601E434A19A1D8FDBA5EB18C4A5B98B3B0FF19304F0500EA940DEB261DB34AE85CF40
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.3000105158.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd9b8b0000_WINChamsBPCrack.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: fd3d3243b6c8ad78c6133943c05a7f7f77ee06d1f30492d5246653a9128d0127
                                                                                                                                                                                  • Instruction ID: 31ce806fa728b1fc61a67336eb4581519a5eda2f7440d96f157dcde7a284fe33
                                                                                                                                                                                  • Opcode Fuzzy Hash: fd3d3243b6c8ad78c6133943c05a7f7f77ee06d1f30492d5246653a9128d0127
                                                                                                                                                                                  • Instruction Fuzzy Hash: D3F054313049098FEB5CEF69C9D89693396E7983017524579D40ACB2F9DD74E9018B80
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.3000105158.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd9b8b0000_WINChamsBPCrack.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 458efda14915b929e9f031831506592ed814373cc46bca923267ab35fce229ae
                                                                                                                                                                                  • Instruction ID: a053bcf29dd57c67bb7b8d4e097a9a6e0a2870684508723ea068e6bf30cc52f1
                                                                                                                                                                                  • Opcode Fuzzy Hash: 458efda14915b929e9f031831506592ed814373cc46bca923267ab35fce229ae
                                                                                                                                                                                  • Instruction Fuzzy Hash: E4F0EC71A0EB8A5FE71F777454305757943FF55200F2508BDD419872E6EC3DA9064700
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.3000105158.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd9b8b0000_WINChamsBPCrack.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: d720e6eac25b5bdb0a9eeb8aa408b0e8c2e68bd1f5177259a93b516fb76dcc9e
                                                                                                                                                                                  • Instruction ID: 8740f839d9722c190789ed13e1ef38a40d2dd15a4d6302f5c34ef50d901ae16e
                                                                                                                                                                                  • Opcode Fuzzy Hash: d720e6eac25b5bdb0a9eeb8aa408b0e8c2e68bd1f5177259a93b516fb76dcc9e
                                                                                                                                                                                  • Instruction Fuzzy Hash: 80E0923170D50E0FE768EF78D565B6972C2EB88200F164179800DC72B2CD28A95B8B82
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.3000105158.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd9b8b0000_WINChamsBPCrack.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 1b00f5f96f9388faef1d42f749a40f70b2217571485f593bdb9e0658f37d52cc
                                                                                                                                                                                  • Instruction ID: 9d48f46001d62eea7f434762372864bf05c3ccd4f8e1097ab75ea94b757ee7d2
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1b00f5f96f9388faef1d42f749a40f70b2217571485f593bdb9e0658f37d52cc
                                                                                                                                                                                  • Instruction Fuzzy Hash: B6E0265230EA8A5EEA9863B804FA2A08BD2EF69160B0843F99099870A3CC1D18038300
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.3000105158.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd9b8b0000_WINChamsBPCrack.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: f64bd357b39aa45afa6faa737777f2b71d1fc0bdaf552c32c6d5fe3cd9faf159
                                                                                                                                                                                  • Instruction ID: 085af5218573df29592ff925f8a3e513b17511c14db0e5ed409487b52ce231e5
                                                                                                                                                                                  • Opcode Fuzzy Hash: f64bd357b39aa45afa6faa737777f2b71d1fc0bdaf552c32c6d5fe3cd9faf159
                                                                                                                                                                                  • Instruction Fuzzy Hash: BCE04F15B0EB5F0BE6B99AAC14A023D54838FC8600F5940BAD009C36E7ED289D025781
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.3000105158.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd9b8b0000_WINChamsBPCrack.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 1a4f6890a4cf35478e9cf734c1d0292b6a31fc1a528d072f0cf7ef686ca3c367
                                                                                                                                                                                  • Instruction ID: 2996603d088b79843690c8f623671d8aba9e1d9f92d6fface05acf6e8a14454e
                                                                                                                                                                                  • Opcode Fuzzy Hash: 1a4f6890a4cf35478e9cf734c1d0292b6a31fc1a528d072f0cf7ef686ca3c367
                                                                                                                                                                                  • Instruction Fuzzy Hash: 00E08610A0E6C55FD7292BB004B50B66FF09F1E21075904F9C0DA4B8B3D40D69179745
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.3000105158.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd9b8b0000_WINChamsBPCrack.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: 9a9a436b42127c573461851cf90f01a8b71727a1b2b264c0ec598a3630c53997
                                                                                                                                                                                  • Instruction ID: 24aaf9981cc4d643e0744a28f6bc805fb2f444eefc3f2c1646073a80730914a8
                                                                                                                                                                                  • Opcode Fuzzy Hash: 9a9a436b42127c573461851cf90f01a8b71727a1b2b264c0ec598a3630c53997
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8DE0863050E7954FE32E977444755657F529F8620071A40FEC0998F1B7C82D5407D611
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.3000105158.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd9b8b0000_WINChamsBPCrack.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                  • Opcode ID: df7e6f97b91309f3031f98c3ecbc201cf84fe8e3088220e2b4827b622576706d
                                                                                                                                                                                  • Instruction ID: a4a3a0c60a6603387a2874b97d485be42c85a021f870f9a7e6a3eda63a921ac4
                                                                                                                                                                                  • Opcode Fuzzy Hash: df7e6f97b91309f3031f98c3ecbc201cf84fe8e3088220e2b4827b622576706d
                                                                                                                                                                                  • Instruction Fuzzy Hash: 8DE012712086488FD76CDF18C095B5AB3E2FBA8300F12096ED08ACB264CA70EC01CB86
                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.3000105158.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false
                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                  • Snapshot File: hcaresult_2_2_7ffd9b8b0000_WINChamsBPCrack.jbxd
                                                                                                                                                                                  Similarity
                                                                                                                                                                                  • API ID:
                                                                                                                                                                                  • String ID:
                                                                                                                                                                                  • API String ID:

                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                  • Source File: 00000002.00000002.3000105158.00007FFD9B8B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8B0000, based on PE: false