Windows Analysis Report
i6R4NsEd8t.exe

Overview

General Information

Sample Name:i6R4NsEd8t.exe
Original Sample Name:abf58920ed73ef807269982b4e62fa9a.exe
Analysis ID:1335530
MD5:abf58920ed73ef807269982b4e62fa9a
SHA1:03e66fb10269f7ba6fe0bc8200ba5685f224ac7c
SHA256:1a43ce284eeb6c62750e67cfd710109ea3461e0fdb4e3ef6df64b159e78f8fd2
Tags:exe
Infos:

Detection

Snake Keylogger
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected Snake Keylogger
Malicious sample detected (through community Yara rule)
Yara detected Telegram RAT
Yara detected AntiVM3
Tries to steal Mail credentials (via file / registry access)
Tries to harvest and steal ftp login credentials
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
Yara detected Beds Obfuscator
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
.NET source code contains very large strings
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
One or more processes crash
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Creates files inside the system directory
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Uses insecure TLS / SSL version for HTTPS connection
Contains long sleeps (>= 3 min)
May check the online IP address of the machine
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
AV process strings found (often used to terminate AV products)
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Queries disk information (often used to detect virtual machines)
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

  • System is w10x64
  • i6R4NsEd8t.exe (PID: 7608 cmdline: C:\Users\user\Desktop\i6R4NsEd8t.exe MD5: ABF58920ED73EF807269982B4E62FA9A)
    • i6R4NsEd8t.exe (PID: 8164 cmdline: {path} MD5: ABF58920ED73EF807269982B4E62FA9A)
    • i6R4NsEd8t.exe (PID: 8172 cmdline: {path} MD5: ABF58920ED73EF807269982B4E62FA9A)
      • WerFault.exe (PID: 5148 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 2252 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • svchost.exe (PID: 7648 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • cleanup
Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
{"Exfil Mode": "SMTP", "Username": "admin@evapimlogs.com", "Password": "BkKMmzZ1", "Host": "us2.smtp.mailhostbox.com", "Port": "587"}
Source | Rule | Description | Author | Strings
00000006.00000002.2399118416.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_BedsObfuscator | Yara detected Beds Obfuscator | Joe Security |
00000006.00000002.2399118416.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security |
00000006.00000002.2399118416.0000000000402000.00000040.00000400.00020000.00000000.sdmp | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown |
      • 0x5d1a0:$a1: get_encryptedPassword
      • 0x5d174:$a2: get_encryptedUsername
      • 0x5d238:$a3: get_timePasswordChanged
      • 0x5d150:$a4: get_passwordField
      • 0x5d1b6:$a5: set_encryptedPassword
      • 0x49200:$a6: get_passwords
      • 0x5cf6c:$a7: get_logins
      • 0x48d62:$a8: GetOutlookPasswords
      • 0x2bc51:$a9: StartKeylogger
      • 0x450b1:$a10: KeyLoggerEventArgs
      • 0x44ff6:$a11: KeyLoggerEventArgsEventHandler
      • 0x2bc60:$a12: GetDataPassword
      • 0x5d057:$a13: _encryptedPassword
      • 0x29c08:$b1: ----------------S--------N--------A--------K--------E----------------
      • 0x29c63:$b1: ----------------S--------N--------A--------K--------E----------------
      • 0x29ce3:$b1: ----------------S--------N--------A--------K--------E----------------
      • 0x29d3e:$b1: ----------------S--------N--------A--------K--------E----------------
      • 0x29da2:$b1: ----------------S--------N--------A--------K--------E----------------
      • 0x29dfd:$b1: ----------------S--------N--------A--------K--------E----------------
      • 0x29e61:$b1: ----------------S--------N--------A--------K--------E----------------
      • 0x29ebc:$b1: ----------------S--------N--------A--------K--------E----------------
00000000.00000002.2329621509.0000000003BB9000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_BedsObfuscator | Yara detected Beds Obfuscator | Joe Security |
00000000.00000002.2329621509.0000000003BB9000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security |
                  Source | Rule | Description | Author | Strings
                  6.2.i6R4NsEd8t.exe.400000.0.unpack | JoeSecurity_BedsObfuscator | Yara detected Beds Obfuscator | Joe Security |
                  6.2.i6R4NsEd8t.exe.400000.0.unpack | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security |
                  0.2.i6R4NsEd8t.exe.3c1c9a0.0.unpack | JoeSecurity_BedsObfuscator | Yara detected Beds Obfuscator | Joe Security |
                  0.2.i6R4NsEd8t.exe.3c1c9a0.0.unpack | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security |
                  6.2.i6R4NsEd8t.exe.400000.0.unpack | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown |
                  • 0x5d3a0:$a1: get_encryptedPassword
                  • 0x5d374:$a2: get_encryptedUsername
                  • 0x5d438:$a3: get_timePasswordChanged
                  • 0x5d350:$a4: get_passwordField
                  • 0x5d3b6:$a5: set_encryptedPassword
                  • 0x49400:$a6: get_passwords
                  • 0x5d16c:$a7: get_logins
                  • 0x48f62:$a8: GetOutlookPasswords
                  • 0x2be51:$a9: StartKeylogger
                  • 0x452b1:$a10: KeyLoggerEventArgs
                  • 0x451f6:$a11: KeyLoggerEventArgsEventHandler
                  • 0x2be60:$a12: GetDataPassword
                  • 0x5d257:$a13: _encryptedPassword
                  • 0x29e08:$b1: ----------------S--------N--------A--------K--------E----------------
                  • 0x29e63:$b1: ----------------S--------N--------A--------K--------E----------------
                  • 0x29ee3:$b1: ----------------S--------N--------A--------K--------E----------------
                  • 0x29f3e:$b1: ----------------S--------N--------A--------K--------E----------------
                  • 0x29fa2:$b1: ----------------S--------N--------A--------K--------E----------------
                  • 0x29ffd:$b1: ----------------S--------N--------A--------K--------E----------------
                  • 0x2a061:$b1: ----------------S--------N--------A--------K--------E----------------
                  • 0x2a0bc:$b1: ----------------S--------N--------A--------K--------E----------------
                  No Sigma rule has matched
                  No Snort rule has matched

                  AV Detection

                  Source: 00000006.00000002.2399118416.0000000000402000.00000040.00000400.00020000.00000000.sdmp | Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "admin@evapimlogs.com", "Password": "BkKMmzZ1", "Host": "us2.smtp.mailhostbox.com", "Port": "587"}
                  Source: i6R4NsEd8t.exe | ReversingLabs: Detection: 76%
                  Source: i6R4NsEd8t.exe | Joe Sandbox ML: detected
                  Source: i6R4NsEd8t.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: unknown | HTTPS traffic detected: 104.21.73.97:443 -> 192.168.2.5:49723 version: TLS 1.0
                  Source: unknown | HTTPS traffic detected: 104.21.85.189:443 -> 192.168.2.5:49724 version: TLS 1.0
                  Source: i6R4NsEd8t.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Joe Sandbox View | JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
                  Source: global traffic | HTTP traffic detected: GET /xml/154.16.49.82 HTTP/1.1 | Host: freegeoip.app | Connection: Keep-Alive
                  Source: global traffic | HTTP traffic detected: GET /xml/154.16.49.82 HTTP/1.1 | Host: ipbase.com | Connection: Keep-Alive
                  Source: Joe Sandbox View | IP Address: 193.122.6.168 193.122.6.168
                  Source: unknown | DNS query: name: checkip.dyndns.org
                  Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
                  Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 01 Nov 2023 15:53:30 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeAge: 0Cache-Control: public,max-age=0,must-revalidateVary: Accept-EncodingX-Nf-Request-Id: 01HE5SDZH9WVNT6XZBAGD6G2C4CF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6D0PSRGLsl4vkNE98gH3FjU6OhSqHdParN4ta0%2BNnryPYsJnTK0B%2B2peB%2F%2BbQEDrmm30BDE0iHmmG86jsDnKeDJtp6%2FywwfXmOGySBzssaoAqbxoQ6QUUCE7aMRw"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 81f54f9cff8c3b6c-IADalt-svc: h3=":443"; ma=86400
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.com
                  Source: i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003325000.00000004.00000800.00020000.00000000.sdmp, i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003319000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org
                  Source: i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003251000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/
                  Source: i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003251000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/h
                  Source: svchost.exe, 00000001.00000002.3256219765.000001F9A9E00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
                  Source: qmgr.db.1.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
                  Source: qmgr.db.1.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
                  Source: qmgr.db.1.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
                  Source: qmgr.db.1.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
                  Source: qmgr.db.1.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
                  Source: svchost.exe, 00000001.00000002.3255603833.000001F9A5102000.00000004.00000020.00020000.00000000.sdmp, qmgr.db.1.drString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
                  Source: qmgr.db.1.drString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
                  Source: i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003346000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://freegeoip.app
                  Source: i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003364000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ipbase.com
                  Source: i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003251000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: Amcache.hve.9.drString found in binary or memory: http://upx.sf.net
                  Source: i6R4NsEd8t.exe, 00000006.00000002.2402649572.00000000068A2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.microsoft.K
                  Source: i6R4NsEd8t.exe, 00000006.00000002.2400764797.00000000033C2000.00000004.00000800.00020000.00000000.sdmp, i6R4NsEd8t.exe, 00000006.00000002.2400764797.000000000335C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://answers.netlify.com/t/support-guide-i-ve-deployed-my-site-but-i-still-see-page-not-found/125
                  Source: i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003251000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=Createutf-8
                  Source: i6R4NsEd8t.exe, 00000006.00000002.2400764797.00000000033C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:400
                  Source: i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://freegeoip.app
                  Source: i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://freegeoip.app/xml/
                  Source: i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://freegeoip.app/xml/154.16.49.82
                  Source: i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003251000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://freegeoip.app/xml/LoadCountryNameClipboard
                  Source: edb.log.1.dr, qmgr.db.1.drString found in binary or memory: https://g.live.com/odclientsettings/Prod/C:
                  Source: svchost.exe, 00000001.00000003.2004807687.000001F9A9CA0000.00000004.00000800.00020000.00000000.sdmp, edb.log.1.dr, qmgr.db.1.drString found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
                  Source: i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003364000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ipbase.com
                  Source: i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003364000.00000004.00000800.00020000.00000000.sdmp, i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003360000.00000004.00000800.00020000.00000000.sdmp, i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003325000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ipbase.com/xml/154.16.49.82
                  Source: qmgr.db.1.drString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe/C:
                  Source: unknownDNS traffic detected: queries for: checkip.dyndns.org

                  System Summary

                  Source: 6.2.i6R4NsEd8t.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 6.2.i6R4NsEd8t.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with ConfuserEx Mod Beds Protector Author: ditekSHen
                  Source: 6.2.i6R4NsEd8t.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 6.2.i6R4NsEd8t.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
                  Source: 0.2.i6R4NsEd8t.exe.3c1c9a0.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 0.2.i6R4NsEd8t.exe.3c1c9a0.0.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with ConfuserEx Mod Beds Protector Author: ditekSHen
                  Source: 0.2.i6R4NsEd8t.exe.3c1c9a0.0.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 0.2.i6R4NsEd8t.exe.3c1c9a0.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 0.2.i6R4NsEd8t.exe.3c1c9a0.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables packed with ConfuserEx Mod Beds Protector Author: ditekSHen
                  Source: 0.2.i6R4NsEd8t.exe.3c1c9a0.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 0.2.i6R4NsEd8t.exe.3c1c9a0.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
                  Source: 0.2.i6R4NsEd8t.exe.3c1c9a0.0.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
                  Source: 00000006.00000002.2399118416.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 00000000.00000002.2329621509.0000000003BB9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 00000006.00000002.2400764797.0000000003251000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Snake Keylogger Author: ditekSHen
                  Source: Process Memory Space: i6R4NsEd8t.exe PID: 7608, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: Process Memory Space: i6R4NsEd8t.exe PID: 8172, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: Process Memory Space: i6R4NsEd8t.exe PID: 8172, type: MEMORYSTRMatched rule: Detects Snake Keylogger Author: ditekSHen
                  Source: i6R4NsEd8t.exe, Group.csLong String: Length: 32771
                  Source: 6.2.i6R4NsEd8t.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 6.2.i6R4NsEd8t.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_EXE_Packed_ConfuserExMod_BedsProtector snort2_sid = 930019-930024, author = ditekSHen, description = Detects executables packed with ConfuserEx Mod Beds Protector, snort3_sid = 930007-930008
                  Source: 6.2.i6R4NsEd8t.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 6.2.i6R4NsEd8t.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                  Source: 0.2.i6R4NsEd8t.exe.3c1c9a0.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 0.2.i6R4NsEd8t.exe.3c1c9a0.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_EXE_Packed_ConfuserExMod_BedsProtector snort2_sid = 930019-930024, author = ditekSHen, description = Detects executables packed with ConfuserEx Mod Beds Protector, snort3_sid = 930007-930008
                  Source: 0.2.i6R4NsEd8t.exe.3c1c9a0.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 0.2.i6R4NsEd8t.exe.3c1c9a0.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 0.2.i6R4NsEd8t.exe.3c1c9a0.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_EXE_Packed_ConfuserExMod_BedsProtector snort2_sid = 930019-930024, author = ditekSHen, description = Detects executables packed with ConfuserEx Mod Beds Protector, snort3_sid = 930007-930008
                  Source: 0.2.i6R4NsEd8t.exe.3c1c9a0.0.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 0.2.i6R4NsEd8t.exe.3c1c9a0.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                  Source: 0.2.i6R4NsEd8t.exe.3c1c9a0.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                  Source: 00000006.00000002.2399118416.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 00000000.00000002.2329621509.0000000003BB9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 00000006.00000002.2400764797.0000000003251000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                  Source: Process Memory Space: i6R4NsEd8t.exe PID: 7608, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: Process Memory Space: i6R4NsEd8t.exe PID: 8172, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: Process Memory Space: i6R4NsEd8t.exe PID: 8172, type: MEMORYSTR Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 2252
                  Source: C:\Windows\System32\svchost.exe File created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                  Source: i6R4NsEd8t.exe, 00000000.00000000.2000260653.0000000000830000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameGohbb.exe> vs i6R4NsEd8t.exe
                  Source: i6R4NsEd8t.exe, 00000000.00000002.2328536977.0000000002BB1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename5E4MUGS3.exe4 vs i6R4NsEd8t.exe
                  Source: i6R4NsEd8t.exe, 00000000.00000002.2331580916.0000000005600000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameResource_Meter.dll> vs i6R4NsEd8t.exe
                  Source: i6R4NsEd8t.exe, 00000000.00000002.2332401883.0000000008E80000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameMajorRevision.exe< vs i6R4NsEd8t.exe
                  Source: i6R4NsEd8t.exe, 00000000.00000002.2329621509.0000000003BB9000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename5E4MUGS3.exe4 vs i6R4NsEd8t.exe
                  Source: i6R4NsEd8t.exe, 00000000.00000002.2328536977.0000000002C18000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMajorRevision.exe< vs i6R4NsEd8t.exe
                  Source: i6R4NsEd8t.exe, 00000000.00000002.2328064898.0000000000F2E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs i6R4NsEd8t.exe
                  Source: i6R4NsEd8t.exe, 00000006.00000002.2399118416.0000000000466000.00000040.00000400.00020000.00000000.sdmp Binary or memory string: OriginalFilename5E4MUGS3.exe4 vs i6R4NsEd8t.exe
                  Source: i6R4NsEd8t.exe Binary or memory string: OriginalFilenameGohbb.exe> vs i6R4NsEd8t.exe
                  Source: C:\Windows\System32\svchost.exe Section loaded: pcwum.dll
                  Source: i6R4NsEd8t.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: i6R4NsEd8t.exe ReversingLabs: Detection: 76%
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe File read: C:\Users\user\Desktop\i6R4NsEd8t.exe
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: unknown Process created: C:\Users\user\Desktop\i6R4NsEd8t.exe C:\Users\user\Desktop\i6R4NsEd8t.exe
                  Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe Process created: C:\Users\user\Desktop\i6R4NsEd8t.exe {path}
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 2252
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\i6R4NsEd8t.exe.log
                  Source: C:\Windows\SysWOW64\WerFault.exe File created: C:\ProgramData\Microsoft\Windows\WER\Temp\29e348f1-9d1f-4459-8727-4df06504aa56
                  Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@7/10@3/4
                  Source: i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003417000.00000004.00000800.00020000.00000000.sdmp, i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003409000.00000004.00000800.00020000.00000000.sdmp, i6R4NsEd8t.exe, 00000006.00000002.2400764797.000000000347C000.00000004.00000800.00020000.00000000.sdmp, i6R4NsEd8t.exe, 00000006.00000002.2400764797.00000000033F9000.00000004.00000800.00020000.00000000.sdmp, i6R4NsEd8t.exe, 00000006.00000002.2401904186.00000000042E0000.00000004.00000800.00020000.00000000.sdmp, i6R4NsEd8t.exe, 00000006.00000002.2400764797.000000000346F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                  Source: i6R4NsEd8t.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll
                  Source: C:\Windows\SysWOW64\WerFault.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll
                  Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess8172
                  Source: i6R4NsEd8t.exe, 00000006.00000002.2399868403.0000000001503000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdbs
                  Source: Window Recorder Window detected: More than 3 window changes detected
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                  Source: i6R4NsEd8t.exe Static file information: File size 1479680 > 1048576
                  Source: i6R4NsEd8t.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                  Source: i6R4NsEd8t.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.pdbl> source: i6R4NsEd8t.exe, 00000006.00000002.2399868403.0000000001503000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Xml.ni.pdb source: WERF878.tmp.dmp.9.dr
                  Source: Binary string: \??\C:\Windows\symbols\dll\Microsoft.VisualBasic.pdb source: i6R4NsEd8t.exe, 00000006.00000002.2402649572.00000000068C5000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.ni.pdbRSDS source: WERF878.tmp.dmp.9.dr
                  Source: Binary string: System.pdbxX source: WERF878.tmp.dmp.9.dr
                  Source: Binary string: System.Configuration.ni.pdb source: WERF878.tmp.dmp.9.dr
                  Source: Binary string: \??\C:\Users\user\Desktop\i6R4NsEd8t.PDB source: i6R4NsEd8t.exe, 00000006.00000002.2402649572.00000000068C5000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: mscorlib.ni.pdbRSDS source: WERF878.tmp.dmp.9.dr
                  Source: Binary string: C:\Windows\Microsoft.VisualBasic.pdbpdbsic.pdb source: i6R4NsEd8t.exe, 00000006.00000002.2399868403.0000000001503000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Configuration.pdb source: WERF878.tmp.dmp.9.dr
                  Source: Binary string: System.Xml.pdb source: WERF878.tmp.dmp.9.dr
                  Source: Binary string: System.pdb source: WERF878.tmp.dmp.9.dr
                  Source: Binary string: f:\binaries\Intermediate\vb\microsoft.visualbasic.build.vbproj_731629843\objr\x86\Microsoft.VisualBasic.pdbs source: i6R4NsEd8t.exe, 00000006.00000002.2399868403.0000000001503000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Xml.ni.pdbRSDS# source: WERF878.tmp.dmp.9.dr
                  Source: Binary string: System.Core.ni.pdb source: WERF878.tmp.dmp.9.dr
                  Source: Binary string: Microsoft.VisualBasic.pdb source: WERF878.tmp.dmp.9.dr
                  Source: Binary string: System.Windows.Forms.pdb source: WERF878.tmp.dmp.9.dr
                  Source: Binary string: \??\C:\Windows\dll\Microsoft.VisualBasic.pdb35 source: i6R4NsEd8t.exe, 00000006.00000002.2402649572.00000000068A2000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: System.Configuration.pdb0_ source: WERF878.tmp.dmp.9.dr
                  Source: Binary string: System.Web.Extensions.pdb source: WERF878.tmp.dmp.9.dr
                  Source: Binary string: mscorlib.pdb source: WERF878.tmp.dmp.9.dr
                  Source: Binary string: oVisualBasic.pdb source: i6R4NsEd8t.exe, 00000006.00000002.2399397553.0000000000FD6000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.pdbl source: i6R4NsEd8t.exe, 00000006.00000002.2399868403.0000000001503000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\symbols\dll\Microsoft.VisualBasic.pdbM0C source: i6R4NsEd8t.exe, 00000006.00000002.2402649572.00000000068C5000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Windows\Microsoft.VisualBasic.pdbb2 source: i6R4NsEd8t.exe, 00000006.00000002.2402649572.00000000068C5000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: mscorlib.ni.pdb source: WERF878.tmp.dmp.9.dr
                  Source: Binary string: System.Core.pdb| source: WERF878.tmp.dmp.9.dr
                  Source: Binary string: C:\Users\user\Desktop\i6R4NsEd8t.PDB source: i6R4NsEd8t.exe, 00000006.00000002.2399397553.0000000000FD6000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: System.Core.pdb source: WERF878.tmp.dmp.9.dr
                  Source: Binary string: nLC:\Windows\Microsoft.VisualBasic.pdb source: i6R4NsEd8t.exe, 00000006.00000002.2399397553.0000000000FD6000.00000004.00000010.00020000.00000000.sdmp
                  Source: Binary string: System.Windows.Forms.pdblZ source: WERF878.tmp.dmp.9.dr
                  Source: Binary string: System.Configuration.ni.pdbRSDScUN source: WERF878.tmp.dmp.9.dr
                  Source: Binary string: System.ni.pdb source: WERF878.tmp.dmp.9.dr
                  Source: Binary string: System.Core.ni.pdbRSDS source: WERF878.tmp.dmp.9.dr

                  Data Obfuscation

                  Source: Yara match File source: 6.2.i6R4NsEd8t.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 0.2.i6R4NsEd8t.exe.3c1c9a0.0.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 0.2.i6R4NsEd8t.exe.3c1c9a0.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 00000006.00000002.2399118416.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000000.00000002.2329621509.0000000003BB9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: Process Memory Space: i6R4NsEd8t.exe PID: 7608, type: MEMORYSTR
                  Source: Yara match File source: Process Memory Space: i6R4NsEd8t.exe PID: 8172, type: MEMORYSTR
                  Source: i6R4NsEd8t.exe, TaskEightBestOil.cs .Net Code: GGGGGGGGGGGGGGGGGGGG System.Reflection.Assembly.Load(byte[])
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe Code function: 0_2_08D180FB push edi; iretd 0_2_08D18102
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe Code function: 6_2_01465DB2 push 90030BFFh; iretd 6_2_01465DBD
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe Code function: 6_2_06D321CF push es; retf 6_2_06D321D0
                  Source: initial sample Static PE information: section name: .text entropy: 7.6790325940372615
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                  Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX

                  Malware Analysis System Evasion

                  Source: Yara match File source: 00000000.00000002.2328536977.0000000002C18000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: Process Memory Space: i6R4NsEd8t.exe PID: 7608, type: MEMORYSTR
                  Source: i6R4NsEd8t.exe, 00000000.00000002.2328536977.0000000002C18000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: WINE_GET_UNIX_FILE_NAME
                  Source: i6R4NsEd8t.exe, 00000000.00000002.2328536977.0000000002C18000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
                  Source: Yara match File source: 6.2.i6R4NsEd8t.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 0.2.i6R4NsEd8t.exe.3c1c9a0.0.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 0.2.i6R4NsEd8t.exe.3c1c9a0.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 00000006.00000002.2399118416.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000000.00000002.2329621509.0000000003BB9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: Process Memory Space: i6R4NsEd8t.exe PID: 8172, type: MEMORYSTR
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe TID: 7628 Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Windows\System32\svchost.exe TID: 7712 Thread sleep time: -30000s >= -30000s
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe TID: 7384 Thread sleep time: -8301034833169293s >= -30000s
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe TID: 7384 Thread sleep time: -600000s >= -30000s
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe TID: 7380 Thread sleep count: 728 > 30
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe TID: 7384 Thread sleep time: -599871s >= -30000s
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe TID: 7380 Thread sleep count: 1615 > 30
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe TID: 7384 Thread sleep time: -599766s >= -30000s
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe TID: 7384 Thread sleep time: -599656s >= -30000s
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe TID: 7384 Thread sleep time: -599546s >= -30000s
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe TID: 7384 Thread sleep time: -599438s >= -30000s
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe TID: 7384 Thread sleep time: -599328s >= -30000s
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe TID: 7384 Thread sleep time: -599107s >= -30000s
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe TID: 7384 Thread sleep time: -599000s >= -30000s
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe TID: 7384 Thread sleep time: -598888s >= -30000s
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe TID: 7384 Thread sleep time: -598781s >= -30000s
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe TID: 7384 Thread sleep time: -598672s >= -30000s
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe TID: 7384 Thread sleep time: -598563s >= -30000s
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe TID: 7384 Thread sleep time: -596471s >= -30000s
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe Last function: Thread delayed
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe Thread delayed: delay time: 600000
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe Thread delayed: delay time: 599871
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe Thread delayed: delay time: 599766
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe Thread delayed: delay time: 599656
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe Thread delayed: delay time: 599546
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe Thread delayed: delay time: 599438
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe Thread delayed: delay time: 599328
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe Thread delayed: delay time: 599107
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe Thread delayed: delay time: 599000
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe Thread delayed: delay time: 598888
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe Thread delayed: delay time: 598781
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe Thread delayed: delay time: 598672
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe Thread delayed: delay time: 598563
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe Thread delayed: delay time: 596471
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe Window / User API: threadDelayed 728
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe Window / User API: threadDelayed 1615
                  Source: C:\Windows\System32\svchost.exe File opened: PhysicalDrive0
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe Process information queried: ProcessInformation
                  Source: Amcache.hve.9.dr Binary or memory string: VMware
                  Source: Amcache.hve.9.dr Binary or memory string: VMware Virtual USB Mouse
                  Source: Amcache.hve.9.dr Binary or memory string: vmci.syshbin
                  Source: Amcache.hve.9.dr Binary or memory string: VMware, Inc.
                  Source: i6R4NsEd8t.exe, 00000000.00000002.2328536977.0000000002C18000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
                  Source: Amcache.hve.9.dr Binary or memory string: VMware20,1hbin@
                  Source: Amcache.hve.9.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                  Source: Amcache.hve.9.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                  Source: Amcache.hve.9.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                  Source: svchost.exe, 00000001.00000002.3256313169.000001F9A9E43000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.3256396264.000001F9A9E56000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                  Source: Amcache.hve.9.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                  Source: i6R4NsEd8t.exe, 00000000.00000002.2328536977.0000000002C18000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMWARE
                  Source: i6R4NsEd8t.exe, 00000000.00000002.2328536977.0000000002C18000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
                  Source: Amcache.hve.9.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                  Source: i6R4NsEd8t.exe, 00000000.00000002.2328536977.0000000002C18000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
                  Source: i6R4NsEd8t.exe, 00000000.00000002.2328536977.0000000002C18000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware SVGA II
                  Source: Amcache.hve.9.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
                  Source: i6R4NsEd8t.exe, 00000000.00000002.2328536977.0000000002C18000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
                  Source: Amcache.hve.9.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                  Source: i6R4NsEd8t.exe, 00000006.00000002.2399868403.0000000001503000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: Amcache.hve.9.dr Binary or memory string: vmci.sys
                  Source: Amcache.hve.9.dr Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
                  Source: i6R4NsEd8t.exe, 00000000.00000002.2328536977.0000000002C18000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware SVGA IIOData Source=localhost\sqlexpress;Initial Catalog=dbSMS;Integrated Security=True
                  Source: Amcache.hve.9.dr Binary or memory string: vmci.syshbin`
                  Source: i6R4NsEd8t.exe, 00000000.00000002.2328536977.0000000002C18000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmware
                  Source: Amcache.hve.9.dr Binary or memory string: \driver\vmci,\driver\pci
                  Source: svchost.exe, 00000001.00000002.3255163176.000001F9A4829000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWP
                  Source: i6R4NsEd8t.exe, 00000000.00000002.2328536977.0000000002C18000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
                  Source: Amcache.hve.9.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                  Source: Amcache.hve.9.dr Binary or memory string: VMware20,1
                  Source: Amcache.hve.9.dr Binary or memory string: Microsoft Hyper-V Generation Counter
                  Source: Amcache.hve.9.dr Binary or memory string: NECVMWar VMware SATA CD00
                  Source: Amcache.hve.9.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
                  Source: Amcache.hve.9.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                  Source: Amcache.hve.9.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                  Source: Amcache.hve.9.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                  Source: Amcache.hve.9.dr Binary or memory string: VMware PCI VMCI Bus Device
                  Source: Amcache.hve.9.dr Binary or memory string: VMware VMCI Bus Device
                  Source: Amcache.hve.9.dr Binary or memory string: VMware Virtual RAM
                  Source: Amcache.hve.9.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                  Source: Amcache.hve.9.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe Process token adjusted: Debug
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe Process queried: DebugPort
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe Code function: 6_2_06D30040 LdrInitializeThunk,6_2_06D30040
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe Memory allocated: page read and write | page guard

                  HIPS / PFW / Operating System Protection Evasion

                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe Memory written: C:\Users\user\Desktop\i6R4NsEd8t.exe base: 400000 value starts with: 4D5A
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe Process created: C:\Users\user\Desktop\i6R4NsEd8t.exe {path}
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe Queries volume information: C:\Users\user\Desktop\i6R4NsEd8t.exe VolumeInformation
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                  Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                  Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                  Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                  Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
                  Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                  Source: Amcache.hve.9.dr Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
                  Source: Amcache.hve.9.dr Binary or memory string: msmpeng.exe
                  Source: Amcache.hve.9.dr Binary or memory string: c:\program files\windows defender\msmpeng.exe
                  Source: Amcache.hve.9.dr Binary or memory string: MsMpEng.exe

                  Stealing of Sensitive Information

                  Source: Yara match File source: 6.2.i6R4NsEd8t.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 0.2.i6R4NsEd8t.exe.3c1c9a0.0.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 0.2.i6R4NsEd8t.exe.3c1c9a0.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 00000006.00000002.2399118416.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000000.00000002.2329621509.0000000003BB9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000006.00000002.2400764797.0000000003251000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: Process Memory Space: i6R4NsEd8t.exe PID: 7608, type: MEMORYSTR
                  Source: Yara match File source: Process Memory Space: i6R4NsEd8t.exe PID: 8172, type: MEMORYSTR
                  Source: Yara matchFile source: 00000006.00000002.2400764797.0000000003251000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: i6R4NsEd8t.exe PID: 8172, type: MEMORYSTR
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeFile opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\Jump to behavior
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xmlJump to behavior
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension CookiesJump to behavior
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\i6R4NsEd8t.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                  Source: Yara matchFile source: 00000006.00000002.2400764797.0000000003251000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: i6R4NsEd8t.exe PID: 8172, type: MEMORYSTR

                  Remote Access Functionality

Source: Yara match File source: 6.2.i6R4NsEd8t.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.i6R4NsEd8t.exe.3c1c9a0.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.i6R4NsEd8t.exe.3c1c9a0.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000006.00000002.2399118416.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.2329621509.0000000003BB9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.2400764797.0000000003251000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: i6R4NsEd8t.exe PID: 7608, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: i6R4NsEd8t.exe PID: 8172, type: MEMORYSTR
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services
Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux); At (Windows); Cron; Launchd; Scheduled Task
Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items
Privilege Escalation: 111 Process Injection; 1 DLL Side-Loading; Logon Script (Windows); Logon Script (Mac); Network Logon Script; Rc.common; Startup Items
Defense Evasion: 11 Masquerading; 1 Disable or Modify Tools; 41 Virtualization/Sandbox Evasion; 111 Process Injection; 2 Obfuscated Files or Information; 12 Software Packing; 1 DLL Side-Loading
Credential Access: 2 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync
Discovery: 131 Security Software Discovery; 1 Process Discovery; 41 Virtualization/Sandbox Evasion; 1 Application Window Discovery; 1 System Network Configuration Discovery; 23 System Information Discovery; Network Sniffing
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management
Collection: 1 Email Collection; 1 Archive Collected Data; 2 Data from Local System; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol
Command and Control: 11 Encrypted Channel; 3 Ingress Tool Transfer; 3 Non-Application Layer Protocol; 14 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap; Manipulate Device Communication; Jamming or Denial of Service; Rogue Wi-Fi Access Points
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Modify System Partition; Device Lockout; Delete Device Data; Carrier Billing Fraud; Manipulate App Store Rankings or Ratings; Abuse Accessibility Features; Data Encrypted for Impact
Source | Detection | Scanner | Label | Link
i6R4NsEd8t.exe | 76% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla |
i6R4NsEd8t.exe | 100% | Joe Sandbox ML | |
No Antivirus matches

Source | Detection | Scanner | Label | Link
http://checkip.dyndns.org/ | 0% | URL Reputation | safe |
http://checkip.dyndns.org | 0% | URL Reputation | safe |
http://checkip.dyndns.com | 0% | URL Reputation | safe |
http://www.microsoft.K | 0% | Avira URL Cloud | safe |
http://crl.ver) | 0% | Avira URL Cloud | safe |
https://freegeoip.app/xml/ | 0% | Avira URL Cloud | safe |
https://ipbase.com | 0% | Avira URL Cloud | safe |
https://freegeoip.app/xml/154.16.49.82 | 0% | Avira URL Cloud | safe |
http://freegeoip.app | 0% | Avira URL Cloud | safe |
https://freegeoip.app/xml/LoadCountryNameClipboard | 0% | Avira URL Cloud | safe |
http://ipbase.com | 0% | Avira URL Cloud | safe |
https://freegeoip.app | 0% | Avira URL Cloud | safe |
http://checkip.dyndns.org/h | 0% | Avira URL Cloud | safe |
https://ipbase.com/xml/154.16.49.82 | 0% | Avira URL Cloud | safe |
https://answers.netlify.com/t/support-guide-i-ve-deployed-my-site-but-i-still-see-page-not-found/125 | 0% | Avira URL Cloud | safe |

Name | IP | Active | Malicious | Antivirus Detection | Reputation
ipbase.com | 104.21.85.189 | true | false | | unknown
freegeoip.app | 104.21.73.97 | true | false | | unknown
checkip.dyndns.com | 193.122.6.168 | true | false | | unknown
checkip.dyndns.org | unknown | unknown | true | | unknown

Name | Malicious | Antivirus Detection | Reputation
http://checkip.dyndns.org/ | false | URL Reputation: safe | unknown
https://freegeoip.app/xml/154.16.49.82 | false | Avira URL Cloud: safe | unknown
https://ipbase.com/xml/154.16.49.82 | false | Avira URL Cloud: safe | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
https://freegeoip.app/xml/ | i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003325000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://g.live.com/odclientsettings/Prod/C: | edb.log.1.dr, qmgr.db.1.dr | false | | high
http://checkip.dyndns.org/h | i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003251000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://ipbase.com | i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003364000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://www.microsoft.K | i6R4NsEd8t.exe, 00000006.00000002.2402649572.00000000068A2000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://freegeoip.app | i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003325000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://crl.ver) | svchost.exe, 00000001.00000002.3256219765.000001F9A9E00000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | low
https://api.telegram.org/bot/sendMessage?chat_id=&text=Createutf-8 | i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003251000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://g.live.com/odclientsettings/ProdV2.C: | svchost.exe, 00000001.00000003.2004807687.000001F9A9CA0000.00000004.00000800.00020000.00000000.sdmp, edb.log.1.dr, qmgr.db.1.dr | false | | high
http://upx.sf.net | Amcache.hve.9.dr | false | | high
http://checkip.dyndns.org | i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003325000.00000004.00000800.00020000.00000000.sdmp, i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003319000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://checkip.dyndns.com | i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003325000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003251000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://freegeoip.app/xml/LoadCountryNameClipboard | i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003251000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://ipbase.com | i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003364000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://freegeoip.app | i6R4NsEd8t.exe, 00000006.00000002.2400764797.0000000003346000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://answers.netlify.com/t/support-guide-i-ve-deployed-my-site-but-i-still-see-page-not-found/125 | i6R4NsEd8t.exe, 00000006.00000002.2400764797.00000000033C2000.00000004.00000800.00020000.00000000.sdmp, i6R4NsEd8t.exe, 00000006.00000002.2400764797.000000000335C000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
193.122.6.168 | checkip.dyndns.com | United States | | 31898 | ORACLE-BMC-31898US | false
104.21.85.189 | ipbase.com | United States | | 13335 | CLOUDFLARENETUS | false
104.21.73.97 | freegeoip.app | United States | | 13335 | CLOUDFLARENETUS | false

IP
127.0.0.1

                                    Joe Sandbox Version:38.0.0 Ammolite
                                    Analysis ID:1335530
                                    Start date and time:2023-11-01 16:52:05 +01:00
                                    Joe Sandbox Product:CloudBasic
                                    Overall analysis duration:0h 5m 52s
                                    Hypervisor based Inspection enabled:false
                                    Report type:full
                                    Cookbook file name:default.jbs
                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                    Number of analysed new started processes analysed:11
                                    Number of new started drivers analysed:0
                                    Number of existing processes analysed:0
                                    Number of existing drivers analysed:0
                                    Number of injected processes analysed:0
                                    Technologies:
                                    • HCA enabled
                                    • EGA enabled
                                    • AMSI enabled
                                    Analysis Mode:default
                                    Analysis stop reason:Timeout
                                    Sample file name:i6R4NsEd8t.exe
                                    renamed because original name is a hash value
                                    Original Sample Name:abf58920ed73ef807269982b4e62fa9a.exe
                                    Detection:MAL
                                    Classification:mal100.troj.spyw.evad.winEXE@7/10@3/4
                                    EGA Information:
                                    • Successful, ratio: 100%
                                    HCA Information:
                                    • Successful, ratio: 99%
                                    • Number of executed functions: 174
                                    • Number of non-executed functions: 21
                                    Cookbook Comments:
                                    • Found application associated with file extension: .exe
                                    • Exclude process from analysis (whitelisted): dllhost.exe, BackgroundTransferHost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                    • Excluded IPs from analysis (whitelisted): 23.54.68.82, 52.168.117.173
                                    • Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, blobcollector.events.data.trafficmanager.net, umwatson.events.data.microsoft.com, prod.fs.microsoft.com.akadns.net
                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                    • Report size getting too big, too many NtOpenFile calls found.
                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                                    • Report size getting too big, too many NtSetInformationFile calls found.
                                    • VT rate limit hit for: i6R4NsEd8t.exe

Time | Type | Description
16:52:53 | API Interceptor | 2x Sleep call for process: svchost.exe modified
16:53:29 | API Interceptor | 14x Sleep call for process: i6R4NsEd8t.exe modified
16:53:32 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                    193.122.6.168Hesaphareketi-01.exeGet hashmaliciousSnake KeyloggerBrowse
                                    • checkip.dyndns.org/
                                    3vj5tYFb6a.exeGet hashmaliciousSnake Keylogger, zgRATBrowse
                                    • checkip.dyndns.org/
                                    SecuriteInfo.com.Win32.KeyloggerX-gen.24670.4764.exeGet hashmaliciousSnake KeyloggerBrowse
                                    • checkip.dyndns.org/
                                    Hesaphareketi-01.exeGet hashmaliciousSnake KeyloggerBrowse
                                    • checkip.dyndns.org/
                                    New_product.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                                    • checkip.dyndns.org/
                                    Design.bat.exeGet hashmaliciousSnake KeyloggerBrowse
                                    • checkip.dyndns.org/
                                    swift.txt.exeGet hashmaliciousSnake KeyloggerBrowse
                                    • checkip.dyndns.org/
                                    report_for_4-October-2023.exeGet hashmaliciousAgentTesla, Snake KeyloggerBrowse
                                    • checkip.dyndns.org/
                                    POkxzw7w3D.exeGet hashmaliciousAgentTesla, Snake KeyloggerBrowse
                                    • checkip.dyndns.org/
                                    payment_confirmation.exeGet hashmaliciousSnake KeyloggerBrowse
                                    • checkip.dyndns.org/
                                    zipsetup_(2).exeGet hashmaliciousAgent Tesla, AgentTeslaBrowse
                                    • checkip.dyndns.org/
                                    (13).mp4.exeGet hashmaliciousAgent Tesla, AgentTeslaBrowse
                                    • checkip.dyndns.org/
                                    sister_live_broadcast_setup.exeGet hashmaliciousAgent Tesla, AgentTeslaBrowse
                                    • checkip.dyndns.org/
                                    1106#U3010#U770b#U76f4#U64ad#U3011#U79d2#U770b#U7535#U89c6.exeGet hashmaliciousAgent Tesla, AgentTeslaBrowse
                                    • checkip.dyndns.org/
                                    WALLHACK_CRACK_Roblox_by_PREDATOR.exeGet hashmaliciousAgent Tesla, AgentTeslaBrowse
                                    • checkip.dyndns.org/
                                    43ssYWDRhs.exeGet hashmaliciousAgentTesla, Snake KeyloggerBrowse
                                    • checkip.dyndns.org/
                                    cpulock.exeGet hashmaliciousAgent Tesla, AgentTeslaBrowse
                                    • checkip.dyndns.org/
                                    MJSEAUC.exeGet hashmaliciousAgent Tesla, AgentTeslaBrowse
                                    • checkip.dyndns.org/
                                    hesaphareketi-01.exeGet hashmaliciousSnake KeyloggerBrowse
                                    • checkip.dyndns.org/
                                    HCAP1Wys0F.exeGet hashmaliciousSnake KeyloggerBrowse
                                    • checkip.dyndns.org/
                                    104.21.85.189rvYr7FRwkG.dllGet hashmaliciousUnknownBrowse
                                      case (426).xlsGet hashmaliciousUnknownBrowse
                                        case (61).xlsGet hashmaliciousUnknownBrowse
                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                          checkip.dyndns.comSwift.txt.pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                          • 132.226.247.73
                                          DEKONT_S_659332597pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                          • 132.226.247.73
                                          34578765ST.exeGet hashmaliciousSnake KeyloggerBrowse
                                          • 193.122.6.168
                                          987654345789098765.PDF..0987PDF..exeGet hashmaliciousSnake KeyloggerBrowse
                                          • 158.101.44.242
                                          U1su8hmVj4ourFo.exeGet hashmaliciousSnake Keylogger, zgRATBrowse
                                          • 158.101.44.242
                                          hareketleriniz.exeGet hashmaliciousSnake KeyloggerBrowse
                                          • 132.226.8.169
                                          hareketleriniz.pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                          • 132.226.247.73
                                          jxkeDCCodB.exeGet hashmaliciousSnake KeyloggerBrowse
                                          • 193.122.130.0
                                          rCIMB-Transfer_Advice-202310301849809.exeGet hashmaliciousSnake KeyloggerBrowse
                                          • 132.226.8.169
                                          Ttwsg.exeGet hashmaliciousSnake KeyloggerBrowse
                                          • 132.226.247.73
                                          hesaphareketi-01.exeGet hashmaliciousSnake KeyloggerBrowse
                                          • 193.122.130.0
                                          SecuriteInfo.com.Trojan.KeyloggerNET.54.10231.6973.exeGet hashmaliciousSnake KeyloggerBrowse
                                          • 132.226.247.73
                                          Hesaphareketi-01.exeGet hashmaliciousSnake KeyloggerBrowse
                                          • 193.122.6.168
                                          3vj5tYFb6a.exeGet hashmaliciousSnake Keylogger, zgRATBrowse
                                          • 193.122.6.168
                                          SB0G28XC.bat.exeGet hashmaliciousSnake KeyloggerBrowse
                                          • 158.101.44.242
                                          CI_84394.cmd.exeGet hashmaliciousSnake KeyloggerBrowse
                                          • 158.101.44.242
                                          file.exeGet hashmaliciousSnake KeyloggerBrowse
                                          • 193.122.130.0
                                          comprobante.xlam.xlsxGet hashmaliciousRedLine, Snake Keylogger, zgRATBrowse
                                          • 132.226.8.169
                                          Ziraat_Bankas#U0131_Swift_Mesaj#U0131.exeGet hashmaliciousSnake KeyloggerBrowse
                                          • 132.226.8.169
                                          7nYkVlcnfx.exeGet hashmaliciousSnake KeyloggerBrowse
                                          • 132.226.247.73
                                          ipbase.com3vj5tYFb6a.exeGet hashmaliciousSnake Keylogger, zgRATBrowse
                                          • 104.21.28.190
                                          7nYkVlcnfx.exeGet hashmaliciousSnake KeyloggerBrowse
                                          • 172.67.147.81
                                          bcAE21roAv.exeGet hashmaliciousSnake KeyloggerBrowse
                                          • 172.67.147.81
                                          VegaStealer_v1.bin.exeGet hashmaliciousAdes Stealer, NitroStealerBrowse
                                          • 75.2.60.5
                                          Yandex.bin.exeGet hashmalicious44Caliber Stealer, Rags StealerBrowse
                                          • 75.2.60.5
                                          SPYGAME.bin.exeGet hashmalicious44Caliber Stealer, Rags StealerBrowse
                                          • 75.2.60.5
                                          A6KiC17VqI.exeGet hashmaliciousSnake KeyloggerBrowse
                                          • 75.2.60.5
                                          TwB13kUEGN.exeGet hashmaliciousSnake KeyloggerBrowse
                                          • 75.2.60.5
                                          w5gL8sZU6z.exeGet hashmaliciousSnake KeyloggerBrowse
                                          • 99.83.231.61
                                          k2Bg5AlSk1.exeGet hashmaliciousMassLogger RAT, Matiex, Snake KeyloggerBrowse
                                          • 75.2.60.5
                                          vYT3XBi8du.exeGet hashmaliciousSnake KeyloggerBrowse
                                          • 99.83.231.61
                                          CJCxcYxjhF.exeGet hashmaliciousSnake KeyloggerBrowse
                                          • 99.83.231.61
                                          g95CmPy67V.exeGet hashmaliciousSnake KeyloggerBrowse
                                          • 75.2.60.5
                                          nesbiPpHpN.exeGet hashmaliciousSnake KeyloggerBrowse
                                          • 99.83.231.61
                                          M6VkStAYfV.exeGet hashmaliciousSnake KeyloggerBrowse
                                          • 99.83.231.61
                                          2yecaxS2wK.exeGet hashmaliciousSnake KeyloggerBrowse
                                          • 75.2.60.5
                                          058J3H4iEy.exeGet hashmaliciousSnake KeyloggerBrowse
                                          • 75.2.60.5
                                          jINnuKt8Yz.exeGet hashmaliciousSnake KeyloggerBrowse
                                          • 75.2.60.5
                                          XuwCD7R8y8.exeGet hashmalicious44Caliber Stealer, Rags StealerBrowse
                                          • 99.83.231.61
                                          BOI_PAYMENT_KGA_INV._GE210228C_ADVANCE_YATANDZA.exeGet hashmaliciousSnake KeyloggerBrowse
                                          • 99.83.231.61
                                          freegeoip.app3vj5tYFb6a.exeGet hashmaliciousSnake Keylogger, zgRATBrowse
                                          • 172.67.160.84
                                          7nYkVlcnfx.exeGet hashmaliciousSnake KeyloggerBrowse
                                          • 172.67.160.84
                                          bcAE21roAv.exeGet hashmaliciousSnake KeyloggerBrowse
                                          • 104.21.73.97
                                          Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                          Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                          No context
                                          Process:C:\Windows\System32\svchost.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):1310720
                                          Entropy (8bit):0.8296354601436112
                                          Encrypted:false
                                          SSDEEP:1536:gJhkM9gB0CnCm0CQ0CESJPB9JbJQfvcso0l1T4MfzzTi1FjIIXYvjbglQdmHDug7:gJjJGtpTq2yv1AuNZRY3diu8iBVqF1
                                          MD5:C4F883C7658200BC3D4613A26468E345
                                          SHA1:00B95121E4A42447DA1841F9F47734102812CEC5
                                          SHA-256:A85F026649BEEE659999037D33E6FCD0E53544590DF8CFDD4F5BA9547E114CFD
                                          SHA-512:92836A68D8570BC17641EE4149690D7A0E47EBF54D0B1714B8592902F33393F74FC3D12A3DFE4D9220505D351994991CA5B3F20B790CBEE27EDE51E870FC2DC1
                                          Malicious:false
                                          Reputation:low
                                          Process:C:\Windows\System32\svchost.exe
                                          File Type:Extensible storage engine DataBase, version 0x620, checksum 0x956b63a7, page size 16384, DirtyShutdown, Windows version 10.0
                                          Category:dropped
                                          Size (bytes):1310720
                                          Entropy (8bit):0.6585526714811997
                                          Encrypted:false
                                          SSDEEP:1536:pSB2ESB2SSjlK/rv5rO1T1B0CZSJRYkr3g16P92UPkLk+kAwI/0uzn10M1Dn/di6:paza9v5hYe92UOHDnAPZ4PZf9h/9h
                                          MD5:7F3560DDBE6874B7880D9B01B71D3D2F
                                          SHA1:8FC56FB6C067B3F10C1AA02E0E68306106659FAA
                                          SHA-256:8463E59F5AE037DC328D6133941B1B78B027BB71EC71D0E35DF95E8CC4AA15AB
                                          SHA-512:0960206010A8F0B8FCB1B3E544C0C83C7FC2435249E465D12D5A907720E1179520C47E43FAB6E736BFBBC64B2519D1EB0EEA0F0C112B5449BD5568C7536724C3
                                          Malicious:false
                                          Reputation:low
                                          Process:C:\Windows\System32\svchost.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):16384
                                          Entropy (8bit):0.08117207856799535
                                          Encrypted:false
                                          SSDEEP:3:itiyYenMneQtGuAJkhvekl1c/hollrekGltll/SPj:icyznQtrxlwaJe3l
                                          MD5:522CAEE6D1243EA1AC07D3A35D5421FE
                                          SHA1:B8DDD24C73D5F476ADED6E073EEA7341B6CB2EED
                                          SHA-256:87C720C4B25F20539D0141FF96708FA7D041E87E650DC70C7E92F8D3545FCF3D
                                          SHA-512:4C5150C37EAE99330DEFDDF68E0F80940B0E03FFC335A70700A198D20C0E0A91C72D618CB59D8FDC89251ED17B142917E7FC46AAC034370C5BED8718400B19CD
                                          Malicious:false
                                          Reputation:low
                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                          File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):65536
                                          Entropy (8bit):1.157946392613508
                                          Encrypted:false
                                          SSDEEP:192:kqErhAUf0BU/qa6ce36qZzuiFeZ24IO8t:7ErhA/BU/qarVqZzuiFeY4IO8t
                                          MD5:81CCE7AE339DF305D2101F71D75CE4B2
                                          SHA1:3B50652A5059070235D7019FD0C5D26721E3DA51
                                          SHA-256:2A9B688CA2538D3E6FB23406BCC0D90726839E09FA96D87ADC5FD687E1619A9E
                                          SHA-512:A058ACFF5856C2075EB52478E4D159887592860C849B7C2A5BC9DDA4EF07AB4B52C8E231727D895A16589135A3E8B0545A4C2C2F59111E97E0F2607A220BDE59
                                          Malicious:false
                                          Reputation:low
                                          Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.3.4.3.3.2.7.6.1.0.8.5.5.2.9.3.1.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.4.3.3.2.7.6.1.1.5.8.9.5.7.1.3.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.3.2.d.4.9.6.b.f.-.b.8.b.2.-.4.9.0.8.-.b.1.c.4.-.7.a.6.8.7.0.8.9.f.5.5.b.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.7.5.9.d.5.1.d.e.-.1.4.2.b.-.4.e.4.9.-.9.1.1.7.-.e.7.1.2.8.7.a.6.3.3.0.e.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.i.6.R.4.N.s.E.d.8.t...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.G.o.h.b.b...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.f.e.c.-.0.0.0.1.-.0.0.1.4.-.b.a.c.3.-.8.4.8.c.d.b.0.c.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.1.b.c.c.6.2.c.0.4.e.6.d.1.4.6.8.f.3.a.2.a.3.7.9.1.f.7.a.f.3.8.a.0.0.0.0.0.0.0.0.!.0.0.0.0.0.3.e.6.6.f.b.1.0.2.6.9.f.7.b.a.6.f.e.0.b.c.8.2.0.0.b.a.5.6.8.5.f.2.2.4.a.c.7.
                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                          File Type:Mini DuMP crash report, 15 streams, Wed Nov 1 15:53:31 2023, 0x1205a4 type
                                          Category:dropped
                                          Size (bytes):325235
                                          Entropy (8bit):3.5093750745271177
                                          Encrypted:false
                                          SSDEEP:3072:3xKc4uEqDyXLTgHhfhSr2Mm2wTu+Ckau6:3xKc46y7TgHhpSMDTE
                                          MD5:6DB95439DD4191F18ADB0B3805BF5556
                                          SHA1:383FD6C339A5FCF726ED3A533B2CBB06D90372CB
                                          SHA-256:110E6C6B28B046B267E377921DC80C0BFBBBAA402E6727453E7E85FF2255A7C4
                                          SHA-512:D0FD9ED2B91377E84D848988E6EA1191FC63AE0AA7527863EF9C64B5695FC347F66672FE4A9DDFAB8B06412FEC6D8647EAD66996D9A3517DF059F919E208BFC7
                                          Malicious:false
                                          Reputation:low
                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                          File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):6388
                                          Entropy (8bit):3.7158802881211246
                                          Encrypted:false
                                          SSDEEP:96:RSIU6o7wVetbUX6SU6QYZODQE/+GYgaM4Up89bw7sfmwm:R6l7wVeJUX6SxQYZi5prp89bw7sfmwm
                                          MD5:AA944EF0DB60B9F138BBBC865C2AFFFD
                                          SHA1:CCC763F59E24391BC5B3FE025D187A1966F3484E
                                          SHA-256:F45AFC0333E859647B7CB9BAB4890151DEF188E8C1A2B4F05EBBC98FF36B096E
                                          SHA-512:B59F11652F2964B4397BF8ACB2ADB5A3B528707C2DD0C92A70905617CBBE742D00E4544C2DE5A740BA11C0866986F87F3A1F3C652BA25E7C26F07CD3443879EA
                                          Malicious:false
                                          Reputation:low
                                          Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.8.1.7.2.<./.P.i.
                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):4743
                                          Entropy (8bit):4.460175218929769
                                          Encrypted:false
                                          SSDEEP:48:cvIwWl8zsuJg77aI9SVWpW8VYeYm8M4Jo3FY+q8vH9hojevA3d:uIjfkI7ck7ViJPKdhojevA3d
                                          MD5:382B82C14AB808B9E41320FE75B4FCF4
                                          SHA1:04F70964BDE186514172E7625616F1ADB0F14955
                                          SHA-256:B34DABD002F417F8AE6088EC8D4D3216B4C71A7E31D71793350D5C6E21F55F70
                                          SHA-512:51A6DDB706D68A2E40D5DDE5B433F7C14ABC7C3CBACDEB3434A03A825CB9A3E7F628E32BA55921145F84133E8525F0B77BC8520580C269DCE821ED11FC1990A3
                                          Malicious:false
                                          Reputation:low
                                          Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="42176" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096
                                          Process:C:\Users\user\Desktop\i6R4NsEd8t.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1216
                                          Entropy (8bit):5.34331486778365
                                          Encrypted:false
                                          SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                          MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                          SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                          SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                          SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                          Malicious:false
                                          Reputation:moderate, very likely benign file
                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                          Process:C:\Windows\System32\svchost.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):55
                                          Entropy (8bit):4.306461250274409
                                          Encrypted:false
                                          SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                          MD5:DCA83F08D448911A14C22EBCACC5AD57
                                          SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                          SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                          SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                          Malicious:false
                                          Reputation:high, very likely benign file
                                          Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}
                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                          File Type:MS Windows registry file, NT/2000 or above
                                          Category:dropped
                                          Size (bytes):1835008
                                          Entropy (8bit):4.421673843139367
                                          Encrypted:false
                                          SSDEEP:6144:7Svfpi6ceLP/9skLmb0OTMWSPHaJG8nAgeMZMMhA2fX4WABlEnNt0uhiTw:mvloTMW+EZMM6DFyH03w
                                          MD5:CA3924A2685EB7899F37B059AF040C2D
                                          SHA1:6486B8D3EB67590DC31B52198963C3BE01361723
                                          SHA-256:82C26C8BD6562EA07D4187D51A57A1B56954F4D677FC4486793578CE0EB59561
                                          SHA-512:D8214A0430A0862CAF03D2D089C6C5A57337978A25EA79F8EB6425B10F2DC738CF98BB643108BF13100170F9FAD6E64514AC26ED25C71D235C46DBA73F6CCDE2
                                          Malicious:false
                                          Preview:regf>...>....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtmN...
                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Entropy (8bit):7.457476723060471
                                          TrID:
                                          • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                          • Win32 Executable (generic) a (10002005/4) 49.78%
                                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                          • DOS Executable Generic (2002/1) 0.01%
                                          File name:i6R4NsEd8t.exe
                                          File size:1'479'680 bytes
                                          MD5:abf58920ed73ef807269982b4e62fa9a
                                          SHA1:03e66fb10269f7ba6fe0bc8200ba5685f224ac7c
                                          SHA256:1a43ce284eeb6c62750e67cfd710109ea3461e0fdb4e3ef6df64b159e78f8fd2
                                          SHA512:c67e36cd7934a0bd4c4b14909f66d8b1349a21f1286ccc719ecbe14e4cdaaad0874e9c4bd9b8799806c1a26b4ad40fd0c9249c880b0aad015be184a3dda97411
                                          SSDEEP:24576:qrEb2grO4+yKPoJHZ6gLl2FNY0wxOSkMoXwwaP7d3BFMukWMG+gcXh6dvrBV1ge+:+Eb2FyKI5wNVwxJk7XvTG+g+h6dvrBVy
                                          TLSH:4C65AE3658650A77C07841BFE72CBB08DEFEEA61B250DC2A4952E8D74D2365218CDE1F
                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...:}.`..............0.............B.... ........@.. .......................@............@................................
                                          Icon Hash:00928e8e8686b000
                                          Entrypoint:0x4ce142
                                          Entrypoint Section:.text
                                          Digitally signed:false
                                          Imagebase:0x400000
                                          Subsystem:windows gui
                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                          Time Stamp:0x60F77D3A [Wed Jul 21 01:49:46 2021 UTC]
                                          TLS Callbacks:
                                          CLR (.Net) Version:
                                          OS Version Major:4
                                          OS Version Minor:0
                                          File Version Major:4
                                          File Version Minor:0
                                          Subsystem Version Major:4
                                          Subsystem Version Minor:0
                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                          Instruction
                                          jmp dword ptr [00402000h]
                                          add byte ptr [eax], al
                                          Name | Virtual Address | Virtual Size | Is in Section
                                          IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_IMPORT | 0xce0f0 | 0x4f | .text
                                          IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd0000 | 0x5e4 | .rsrc
                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xd2000 | 0xc | .reloc
                                          IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                          IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                          Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                          .text | 0x2000 | 0xcc148 | 0xcc200 | False | 0.8401523270055113 | data | 7.6790325940372615 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                          .rsrc | 0xd0000 | 0x5e4 | 0x600 | False | 0.43359375 | data | 4.193888751190473 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                          .reloc | 0xd2000 | 0xc | 0x200 | False | 0.044921875 | data | 0.09800417566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                          Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                          RT_VERSION | 0xd0090 | 0x352 | data |  |  | 0.4329411764705882
                                          RT_MANIFEST | 0xd03f4 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators |  |  | 0.5489795918367347
                                          DLL | Import
                                          mscoree.dll | _CorExeMain
                                          Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                          Nov 1, 2023 16:53:26.612356901 CET | 56879 | 53 | 192.168.2.5 | 1.1.1.1
                                          Nov 1, 2023 16:53:26.706348896 CET | 53 | 56879 | 1.1.1.1 | 192.168.2.5
                                          Nov 1, 2023 16:53:29.351965904 CET | 58724 | 53 | 192.168.2.5 | 1.1.1.1
                                          Nov 1, 2023 16:53:29.445179939 CET | 53 | 58724 | 1.1.1.1 | 192.168.2.5
                                          Nov 1, 2023 16:53:29.909960032 CET | 63575 | 53 | 192.168.2.5 | 1.1.1.1
                                          Nov 1, 2023 16:53:30.008852959 CET | 53 | 63575 | 1.1.1.1 | 192.168.2.5
                                          Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                          Nov 1, 2023 16:53:26.612356901 CET | 192.168.2.5 | 1.1.1.1 | 0xf89a | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
                                          Nov 1, 2023 16:53:29.351965904 CET | 192.168.2.5 | 1.1.1.1 | 0x194b | Standard query (0) | freegeoip.app | A (IP address) | IN (0x0001) | false
                                          Nov 1, 2023 16:53:29.909960032 CET | 192.168.2.5 | 1.1.1.1 | 0xd002 | Standard query (0) | ipbase.com | A (IP address) | IN (0x0001) | false
                                          Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                          Nov 1, 2023 16:53:26.706348896 CET | 1.1.1.1 | 192.168.2.5 | 0xf89a | No error (0) | checkip.dyndns.org | checkip.dyndns.com |  | CNAME (Canonical name) | IN (0x0001) | false
                                          Nov 1, 2023 16:53:26.706348896 CET | 1.1.1.1 | 192.168.2.5 | 0xf89a | No error (0) | checkip.dyndns.com |  | 193.122.6.168 | A (IP address) | IN (0x0001) | false
                                          Nov 1, 2023 16:53:26.706348896 CET | 1.1.1.1 | 192.168.2.5 | 0xf89a | No error (0) | checkip.dyndns.com |  | 193.122.130.0 | A (IP address) | IN (0x0001) | false
                                          Nov 1, 2023 16:53:26.706348896 CET | 1.1.1.1 | 192.168.2.5 | 0xf89a | No error (0) | checkip.dyndns.com |  | 132.226.8.169 | A (IP address) | IN (0x0001) | false
                                          Nov 1, 2023 16:53:26.706348896 CET | 1.1.1.1 | 192.168.2.5 | 0xf89a | No error (0) | checkip.dyndns.com |  | 132.226.247.73 | A (IP address) | IN (0x0001) | false
                                          Nov 1, 2023 16:53:26.706348896 CET | 1.1.1.1 | 192.168.2.5 | 0xf89a | No error (0) | checkip.dyndns.com |  | 158.101.44.242 | A (IP address) | IN (0x0001) | false
                                          Nov 1, 2023 16:53:29.445179939 CET | 1.1.1.1 | 192.168.2.5 | 0x194b | No error (0) | freegeoip.app |  | 104.21.73.97 | A (IP address) | IN (0x0001) | false
                                          Nov 1, 2023 16:53:29.445179939 CET | 1.1.1.1 | 192.168.2.5 | 0x194b | No error (0) | freegeoip.app |  | 172.67.160.84 | A (IP address) | IN (0x0001) | false
                                          Nov 1, 2023 16:53:30.008852959 CET | 1.1.1.1 | 192.168.2.5 | 0xd002 | No error (0) | ipbase.com |  | 104.21.85.189 | A (IP address) | IN (0x0001) | false
                                          Nov 1, 2023 16:53:30.008852959 CET | 1.1.1.1 | 192.168.2.5 | 0xd002 | No error (0) | ipbase.com |  | 172.67.209.71 | A (IP address) | IN (0x0001) | false
                                          • freegeoip.app
                                          • ipbase.com
                                          • checkip.dyndns.org
                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          0 | 192.168.2.5 | 49723 | 104.21.73.97 | 443 | C:\Users\user\Desktop\i6R4NsEd8t.exe
                                          Timestamp | kBytes transferred | Direction | Data


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          1 | 192.168.2.5 | 49724 | 104.21.85.189 | 443 | C:\Users\user\Desktop\i6R4NsEd8t.exe
                                          Timestamp | kBytes transferred | Direction | Data


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          2 | 192.168.2.5 | 49722 | 193.122.6.168 | 80 | C:\Users\user\Desktop\i6R4NsEd8t.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          Nov 1, 2023 16:53:26.897414923 CET | 53 | OUT | GET / HTTP/1.1
                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                          Host: checkip.dyndns.org
                                          Connection: Keep-Alive
                                          Nov 1, 2023 16:53:29.080828905 CET | 53 | IN | HTTP/1.1 200 OK
                                          Date: Wed, 01 Nov 2023 15:53:28 GMT
                                          Content-Type: text/html
                                          Content-Length: 104
                                          Connection: keep-alive
                                          Cache-Control: no-cache
                                          Pragma: no-cache
                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 154.16.49.82</body></html>
                                          Nov 1, 2023 16:53:29.088793993 CET | 53 | OUT | GET / HTTP/1.1
                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                          Host: checkip.dyndns.org
                                          Nov 1, 2023 16:53:29.272257090 CET | 54 | IN | HTTP/1.1 200 OK
                                          Date: Wed, 01 Nov 2023 15:53:29 GMT
                                          Content-Type: text/html
                                          Content-Length: 104
                                          Connection: keep-alive
                                          Cache-Control: no-cache
                                          Pragma: no-cache
                                          Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 154.16.49.82</body></html>


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          0 | 192.168.2.5 | 49723 | 104.21.73.97 | 443 | C:\Users\user\Desktop\i6R4NsEd8t.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          2023-11-01 15:53:29 UTC | 0 | OUT | GET /xml/154.16.49.82 HTTP/1.1
                                          Host: freegeoip.app
                                          Connection: Keep-Alive
                                          2023-11-01 15:53:29 UTC | 0 | IN | HTTP/1.1 301 Moved Permanently
                                          Date: Wed, 01 Nov 2023 15:53:29 GMT
                                          Transfer-Encoding: chunked
                                          Connection: close
                                          Cache-Control: max-age=3600
                                          Expires: Wed, 01 Nov 2023 16:53:29 GMT
                                          Location: https://ipbase.com/xml/154.16.49.82
                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rtWIvTC2P4bPyIz%2F5AUI1gAB8TTWLyouvAct5bqN%2BrDe0rhrbJJKKh6K6mqbCxRT9o61o8oEwMJHmM9ybZbGhd00Cj9KUuynjR%2F5GaDaS4WBBpbuu6x1EPwz2USpEYdx"}],"group":"cf-nel","max_age":604800}
                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                          Server: cloudflare
                                          CF-RAY: 81f54f996a3f3b62-IAD
                                          alt-svc: h3=":443"; ma=86400
                                          2023-11-01 15:53:29 UTC | 0 | IN | Data Raw: 30 0d 0a 0d 0a
                                          Data Ascii: 0


                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                          1 | 192.168.2.5 | 49724 | 104.21.85.189 | 443 | C:\Users\user\Desktop\i6R4NsEd8t.exe
                                          Timestamp | kBytes transferred | Direction | Data
                                          2023-11-01 15:53:30 UTC | 0 | OUT | GET /xml/154.16.49.82 HTTP/1.1
                                          Host: ipbase.com
                                          Connection: Keep-Alive
                                          2023-11-01 15:53:30 UTC | 0 | IN | HTTP/1.1 404 Not Found
                                          Date: Wed, 01 Nov 2023 15:53:30 GMT
                                          Content-Type: text/html; charset=utf-8
                                          Transfer-Encoding: chunked
                                          Connection: close
                                          Age: 0
                                          Cache-Control: public,max-age=0,must-revalidate
                                          Vary: Accept-Encoding
                                          X-Nf-Request-Id: 01HE5SDZH9WVNT6XZBAGD6G2C4
                                          CF-Cache-Status: DYNAMIC
                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6D0PSRGLsl4vkNE98gH3FjU6OhSqHdParN4ta0%2BNnryPYsJnTK0B%2B2peB%2F%2BbQEDrmm30BDE0iHmmG86jsDnKeDJtp6%2FywwfXmOGySBzssaoAqbxoQ6QUUCE7aMRw"}],"group":"cf-nel","max_age":604800}
                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                          Server: cloudflare
                                          CF-RAY: 81f54f9cff8c3b6c-IAD
                                          alt-svc: h3=":443"; ma=86400
                                          2023-11-01 15:53:30 UTC | 4 | IN | Data Raw: 30 0d 0a 0d 0a
                                          Data Ascii: 0



                                          Target ID:0
                                          Start time:16:52:52
                                          Start date:01/11/2023
                                          Path:C:\Users\user\Desktop\i6R4NsEd8t.exe
                                          Wow64 process (32bit):true
                                          Commandline:C:\Users\user\Desktop\i6R4NsEd8t.exe
                                          Imagebase:0x760000
                                          File size:1'479'680 bytes
                                          MD5 hash:ABF58920ED73EF807269982B4E62FA9A
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:.Net C# or VB.NET
                                          Yara matches:
                                          • Rule: JoeSecurity_BedsObfuscator, Description: Yara detected Beds Obfuscator, Source: 00000000.00000002.2329621509.0000000003BB9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.2329621509.0000000003BB9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.2329621509.0000000003BB9000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                          • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.2328536977.0000000002C18000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          Reputation:low
                                          Has exited:true

                                          Target ID:1
                                          Start time:16:52:53
                                          Start date:01/11/2023
                                          Path:C:\Windows\System32\svchost.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                          Imagebase:0x7ff7e52b0000
                                          File size:55'320 bytes
                                          MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high
                                          Has exited:false

                                          Target ID:5
                                          Start time:16:53:25
                                          Start date:01/11/2023
                                          Path:C:\Users\user\Desktop\i6R4NsEd8t.exe
                                          Wow64 process (32bit):false
                                          Commandline:{path}
                                          Imagebase:0x2a0000
                                          File size:1'479'680 bytes
                                          MD5 hash:ABF58920ED73EF807269982B4E62FA9A
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:low
                                          Has exited:true

                                          Target ID:6
                                          Start time:16:53:25
                                          Start date:01/11/2023
                                          Path:C:\Users\user\Desktop\i6R4NsEd8t.exe
                                          Wow64 process (32bit):true
                                          Commandline:{path}
                                          Imagebase:0xd70000
                                          File size:1'479'680 bytes
                                          MD5 hash:ABF58920ED73EF807269982B4E62FA9A
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:.Net C# or VB.NET
                                          Yara matches:
                                          • Rule: JoeSecurity_BedsObfuscator, Description: Yara detected Beds Obfuscator, Source: 00000006.00000002.2399118416.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000006.00000002.2399118416.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000006.00000002.2399118416.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.2400764797.0000000003251000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000006.00000002.2400764797.0000000003251000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000006.00000002.2400764797.0000000003251000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000006.00000002.2400764797.0000000003251000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                          Reputation:low
                                          Has exited:true

                                          Target ID:9
                                          Start time:16:53:30
                                          Start date:01/11/2023
                                          Path:C:\Windows\SysWOW64\WerFault.exe
                                          Wow64 process (32bit):true
                                          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 2252
                                          Imagebase:0x840000
                                          File size:483'680 bytes
                                          MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:.Net C# or VB.NET
                                          Reputation:high
                                          Has exited:true


                                            Execution Graph

                                            Execution Coverage:10.5%
                                            Dynamic/Decrypted Code Coverage:100%
                                            Signature Coverage:17.1%
                                            Total number of Nodes:175
                                            Total number of Limit Nodes:13

                                            Control-flow Graph

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2332119585.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_8d10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: e-Ce$e-Ce$e-Ce$t[9
                                            • API String ID: 0-4282503930
                                            • Opcode ID: a7892916bf0e5d84d3fc8df9b9ff106f41f258afe7c9dd77477e14c789df17a3
                                            • Instruction ID: 29f04fe187dffb695bc78cb21d512f37c82753f1a0920a0ad14e66f270f95a6f
                                            • Opcode Fuzzy Hash: a7892916bf0e5d84d3fc8df9b9ff106f41f258afe7c9dd77477e14c789df17a3
                                            • Instruction Fuzzy Hash: 45A11474E05219DBCF04CFA9E5816DEBBF2BF88351F24D62AD404AB315E7389942CB94
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2332119585.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_8d10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: e-Ce$e-Ce$e-Ce$t[9
                                            • API String ID: 0-4282503930
                                            • Opcode ID: 42ff819e96fb0ad2529f49d6924aa349cf19c625c07d5a3b3d1d761562af4d5c
                                            • Instruction ID: ce01cde67a98e204dc51b05f7da3f63d668c52b9cfe0f702960e1299e8a98d81
                                            • Opcode Fuzzy Hash: 42ff819e96fb0ad2529f49d6924aa349cf19c625c07d5a3b3d1d761562af4d5c
                                            • Instruction Fuzzy Hash: B2A13474E05219DBCF04CFA9E9815DEBBF2BF88351F249626D404AB315D7389A42CBA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2332119585.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_8d10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: ($(
                                            • API String ID: 0-222463766
                                            • Opcode ID: 39ea192e6922a54686f440d39d3cef8bd4c04b92f1db81896bacf38aee139ce8
                                            • Instruction ID: dde9e3c416d82b6c4c6ff7664726930a542ff08dbd14dd344c60b235e88a9590
                                            • Opcode Fuzzy Hash: 39ea192e6922a54686f440d39d3cef8bd4c04b92f1db81896bacf38aee139ce8
                                            • Instruction Fuzzy Hash: C75167B0D1A208EFCF04CFA5E9806EDFBB2EF89352F14962AE042B7254D7748941DB14
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2332119585.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_8d10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: ($(
                                            • API String ID: 0-222463766
                                            • Opcode ID: f0ac312c4e5219c8b70952c0b5d054f83c55449140210e843a5d3f39d1cf1f50
                                            • Instruction ID: 1d76a64cca646a6c896e88b6d9a7510c6dca7f59acb21cb179da6029194ea4b2
                                            • Opcode Fuzzy Hash: f0ac312c4e5219c8b70952c0b5d054f83c55449140210e843a5d3f39d1cf1f50
                                            • Instruction Fuzzy Hash: 0D5177B0E16208EFCF04CFA5E9806EDFBB2EF89352F14A62AE051B7254D7749941DB14
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2332119585.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_8d10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: L^*K
                                            • API String ID: 0-415330067
                                            • Opcode ID: ea9abae1097d4d40af1bca4b59a6d84902497188631e139da6b03683f5280574
                                            • Instruction ID: c5464fb3d1d54f4755ca1fd088f8700bc5f0202d19878445acad9c96080ab719
                                            • Opcode Fuzzy Hash: ea9abae1097d4d40af1bca4b59a6d84902497188631e139da6b03683f5280574
                                            • Instruction Fuzzy Hash: 74D18B70E0020ADFCF04DFB9E5456AEBBF2AFC8351F148669D405A7355DB389A428BA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2332119585.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_8d10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 84a527f02495c23293fb2ad7070a0562fc1fe789704193b3abcc344e103f9c28
                                            • Instruction ID: 851933b91adaa039aec6d95f73dfe7298e2affe604a5d75a9082afd591c55c0b
                                            • Opcode Fuzzy Hash: 84a527f02495c23293fb2ad7070a0562fc1fe789704193b3abcc344e103f9c28
                                            • Instruction Fuzzy Hash: A0E15974D1460AEFCB04CF99D4868AEFBB2FF89341B159665D405EB254CB34DA82CF90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2332119585.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_8d10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 2ed3d0c84b620f94e8de2d97939f04d54ae1e1e3c93bc96c03707d1e95531ad6
                                            • Instruction ID: a6a6246b653eab007ba0590e1b22d0342db273938b5056e5fba20f14a495a478
                                            • Opcode Fuzzy Hash: 2ed3d0c84b620f94e8de2d97939f04d54ae1e1e3c93bc96c03707d1e95531ad6
                                            • Instruction Fuzzy Hash: A5D12574D5520AEFCF04CF99D4858AEFBB2FF88341B149629D505AB214DB34EA82CF90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2332119585.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_8d10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5d50d6c1d916936c4ef58d47d4a07048a6185a98306155b323c2eed01b3e9cfc
                                            • Instruction ID: fe0789df05f98b6695486e6bc59e58e6ebf4353ff75a7ce14da6dd5b16bd5208
                                            • Opcode Fuzzy Hash: 5d50d6c1d916936c4ef58d47d4a07048a6185a98306155b323c2eed01b3e9cfc
                                            • Instruction Fuzzy Hash: DE811875E45229DFDB24CF66D844BD9BBB6FF88300F1082EAD509A7254EB749A81CF40
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2332119585.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_8d10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c4729ce97ba7a338e1f927cf6a9b0f5392b6f28b98b02f0a50f9539c6726ac0a
                                            • Instruction ID: 8af856b368bbabb78950ea29f220f1fb906fb7019ef0beaa0e0373fc67cf1088
                                            • Opcode Fuzzy Hash: c4729ce97ba7a338e1f927cf6a9b0f5392b6f28b98b02f0a50f9539c6726ac0a
                                            • Instruction Fuzzy Hash: 3B514D71E5161A9FDB28CF66C8447D9BBB2BF88300F14C2EAD508A7254EB705AC1DF40
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2332119585.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_8d10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 600ce0feffac4c4aa719541aa85066166a072ab001e0370636300195718fabe8
                                            • Instruction ID: a55de835c5fe6944334ab550e3fec0ee43a69c36087988ac4a8c64cee8c4b54c
                                            • Opcode Fuzzy Hash: 600ce0feffac4c4aa719541aa85066166a072ab001e0370636300195718fabe8
                                            • Instruction Fuzzy Hash: 55415874A05209EFCF09CFA9D58099EFBF2EF89240F28D6A9D515AB365D634DA01CB00
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2332119585.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_8d10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 41fe05eaa6b81c88b91c56a58f3488637945de43aa4284b4081c3cadf63d7c9a
                                            • Instruction ID: 04793fec30eb99a9c4d50fd88507c8d49d3d9e4c328a5a3ce3309b6ff1acb1b5
                                            • Opcode Fuzzy Hash: 41fe05eaa6b81c88b91c56a58f3488637945de43aa4284b4081c3cadf63d7c9a
                                            • Instruction Fuzzy Hash: B8312D70E056589FDB19CFA6C8516CEBFB3AFC5300F18C1AAE444AB265DA340A89CF51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2332119585.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_8d10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1fe87b90ec9768f4061491fb894535995978999e888f2c9d16173d66aa515e76
                                            • Instruction ID: abef7b89fe51743eabd3d36096563c4c6a81c51ba211179672156cfa2819437e
                                            • Opcode Fuzzy Hash: 1fe87b90ec9768f4061491fb894535995978999e888f2c9d16173d66aa515e76
                                            • Instruction Fuzzy Hash: 7221F571E006189BDB18CFABD8446DEFBB3AFC8311F14C16AE409AA254DB745A86CF50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • GetCurrentProcess.KERNEL32 ref: 00F1D196
                                            • GetCurrentThread.KERNEL32 ref: 00F1D1D3
                                            • GetCurrentProcess.KERNEL32 ref: 00F1D210
                                            • GetCurrentThreadId.KERNEL32 ref: 00F1D269
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2328045916.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_f10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID: Current$ProcessThread
                                            • String ID:
                                            • API String ID: 2063062207-0
                                            • Opcode ID: ee1aab9ac87cf4b34c3892e6c9916c20ed4c9335d4127e6f56c25f6b97be51db
                                            • Instruction ID: 6b55e0a25fa6e1e3eb2e5237be4afd285334460afc76920605961c11a4c7671d
                                            • Opcode Fuzzy Hash: ee1aab9ac87cf4b34c3892e6c9916c20ed4c9335d4127e6f56c25f6b97be51db
                                            • Instruction Fuzzy Hash: D85166B09002498FDB04DFA9DA48BEEBFF1FF48314F248469E019A7261D7789984CF65
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • GetCurrentProcess.KERNEL32 ref: 00F1D196
                                            • GetCurrentThread.KERNEL32 ref: 00F1D1D3
                                            • GetCurrentProcess.KERNEL32 ref: 00F1D210
                                            • GetCurrentThreadId.KERNEL32 ref: 00F1D269
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2328045916.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_f10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID: Current$ProcessThread
                                            • String ID:
                                            • API String ID: 2063062207-0
                                            • Opcode ID: a45a53b24bae98070bb6272b939052f110535a3e41735a1aa3b60aaaa2ca3fb9
                                            • Instruction ID: 8fea74f5bdcbe3469e9690b97278369e88ac36f4c29428c9ad91bdb5a595f7b0
                                            • Opcode Fuzzy Hash: a45a53b24bae98070bb6272b939052f110535a3e41735a1aa3b60aaaa2ca3fb9
                                            • Instruction Fuzzy Hash: 395167B09002499FDB04DFA9D548BDEBFF1FF88314F208469E419A7260D7789984CF65
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 00F1AFB6
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2328045916.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_f10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID: HandleModule
                                            • String ID:
                                            • API String ID: 4139908857-0
                                            • Opcode ID: 4c244fd0833564fbd9401ea61217c054fc54dca6519270a23fe9778ffe6177f9
                                            • Instruction ID: ff7f1996a1b85ecdd4dd957d7a7936cb796a9da3df48abb07674cf5cf817659c
                                            • Opcode Fuzzy Hash: 4c244fd0833564fbd9401ea61217c054fc54dca6519270a23fe9778ffe6177f9
                                            • Instruction Fuzzy Hash: 2B8144B0A00B058FD724DF6AD55579ABBF1FF88310F00892DE48AD7A50DB74E986CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • CreateProcessW.KERNELBASE(?,?,00000009,?,?,?,?,?,?,?), ref: 08D19FBB
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2332119585.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_8d10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID: CreateProcess
                                            • String ID:
                                            • API String ID: 963392458-0
                                            • Opcode ID: 733667f08142a07dc4d51109c6e91a1075873eef1bfc9d4c04460a82aa0ec5dd
                                            • Instruction ID: f37ebb1619750141e5433ed62d790bffdf5a4bb2d8bc1d0934ba02b28c6b1ccc
                                            • Opcode Fuzzy Hash: 733667f08142a07dc4d51109c6e91a1075873eef1bfc9d4c04460a82aa0ec5dd
                                            • Instruction Fuzzy Hash: 2D5117B1D01319EFDB64CF99C990BDDBBB1BF48300F14819AE408A7214CB355A89CF51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • CreateProcessW.KERNELBASE(?,?,00000009,?,?,?,?,?,?,?), ref: 08D19FBB
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2332119585.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_8d10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID: CreateProcess
                                            • String ID:
                                            • API String ID: 963392458-0
                                            • Opcode ID: c3b0eda1ff834b758eed83374c7bcccab8e7919a0f1b0679cf22d1d42e7d3d12
                                            • Instruction ID: 62a0437cc12927b1edb06b836aacf9ba4ee7e2b61d7b4479aa9dcd49ea1d34ee
                                            • Opcode Fuzzy Hash: c3b0eda1ff834b758eed83374c7bcccab8e7919a0f1b0679cf22d1d42e7d3d12
                                            • Instruction Fuzzy Hash: 14510671901319EFDF64CF99C850BDDBBB5BF48300F10819AE808A7214CB759A89CF51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • CreateActCtxA.KERNEL32(?), ref: 00F15DC9
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2328045916.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_f10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID: Create
                                            • String ID:
                                            • API String ID: 2289755597-0
                                            • Opcode ID: f3a40ab266fb2d40926dfef4452772a6db74597314e269ed1311779283930f1e
                                            • Instruction ID: 3b7d2a1ad0ef22f23427c010c62e3c1b4da8f29c1a59bab3eb774b654fd6e37f
                                            • Opcode Fuzzy Hash: f3a40ab266fb2d40926dfef4452772a6db74597314e269ed1311779283930f1e
                                            • Instruction Fuzzy Hash: F84143B1C04759CFDB25CFA9C894BCDBBB1BF89304F14806AC048AB261DB75598ACF51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • CreateActCtxA.KERNEL32(?), ref: 00F15DC9
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2328045916.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_f10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID: Create
                                            • String ID:
                                            • API String ID: 2289755597-0
                                            • Opcode ID: bd41e8d2ab5ecf8b2468975d0dd59a0dd976836bbe56b2531971e491e46015fe
                                            • Instruction ID: 9070a022e2c1d4337e9476109786d1573d0681d8395e35522abcd97958931d43
                                            • Opcode Fuzzy Hash: bd41e8d2ab5ecf8b2468975d0dd59a0dd976836bbe56b2531971e491e46015fe
                                            • Instruction Fuzzy Hash: 7941E0B0C00719CBDB24DFA9C884BDDBBB5FF88704F20846AD409AB255DB756986DF90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 08D1A5B5
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2332119585.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_8d10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID: MemoryProcessWrite
                                            • String ID:
                                            • API String ID: 3559483778-0
                                            • Opcode ID: 99996286a70c46f3aca17ab7318cbed9a12eecf066c3c91907da358727802608
                                            • Instruction ID: ce4d0e7f20356e775d96295c8ae4f1b651adb4c2ceea305218cbac7533db6c99
                                            • Opcode Fuzzy Hash: 99996286a70c46f3aca17ab7318cbed9a12eecf066c3c91907da358727802608
                                            • Instruction Fuzzy Hash: 002120B1901219DFDB10CF9AD985BDEBBF5FF48310F10842AE918A3250D378A940CBA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 08D1A5B5
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2332119585.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_8d10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID: MemoryProcessWrite
                                            • String ID:
                                            • API String ID: 3559483778-0
                                            • Opcode ID: c099f68d1dd83d6c20c01b45071751ed7214c3af06378ac257653498bc880f9a
                                            • Instruction ID: 24988c253ef8b1e962ff7916aab54a66fa7b5f42cfd833b8a71ccfa5c112f76b
                                            • Opcode Fuzzy Hash: c099f68d1dd83d6c20c01b45071751ed7214c3af06378ac257653498bc880f9a
                                            • Instruction Fuzzy Hash: 8F2112B1901259DFDB10CF9AD885BDEBBF5FF48310F10842AE918A7350D378A940CBA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00F1D3E7
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2328045916.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_f10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID: DuplicateHandle
                                            • String ID:
                                            • API String ID: 3793708945-0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00F1D3E7
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2328045916.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_f10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID: DuplicateHandle
                                            • String ID:
                                            • API String ID: 3793708945-0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 08D1A317
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2332119585.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_8d10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID: MemoryProcessRead
                                            • String ID:
                                            • API String ID: 1726664587-0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 08D1A24F
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2332119585.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_8d10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID: ContextThreadWow64
                                            • String ID:
                                            • API String ID: 983334009-0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 08D1A317
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2332119585.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_8d10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID: MemoryProcessRead
                                            • String ID:
                                            • API String ID: 1726664587-0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 08D1A24F
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2332119585.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_8d10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID: ContextThreadWow64
                                            • String ID:
                                            • API String ID: 983334009-0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00F1B431,00000800,00000000,00000000), ref: 00F1B642
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2328045916.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_f10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID: LibraryLoad
                                            • String ID:
                                            • API String ID: 1029625771-0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00F1B431,00000800,00000000,00000000), ref: 00F1B642
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2328045916.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_f10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID: LibraryLoad
                                            • String ID:
                                            • API String ID: 1029625771-0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 08D1A3D3
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2332119585.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_8d10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID: AllocVirtual
                                            • String ID:
                                            • API String ID: 4275171209-0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 08D1A3D3
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2332119585.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_8d10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID: AllocVirtual
                                            • String ID:
                                            • API String ID: 4275171209-0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • PostMessageW.USER32(?,?,?,?), ref: 08D1AA5D
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2332119585.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_8d10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID: MessagePost
                                            • String ID:
                                            • API String ID: 410705778-0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2332119585.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_8d10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID: ResumeThread
                                            • String ID:
                                            • API String ID: 947044025-0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 00F1AFB6
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2328045916.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_f10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID: HandleModule
                                            • String ID:
                                            • API String ID: 4139908857-0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            • PostMessageW.USER32(?,?,?,?), ref: 08D1AA5D
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2332119585.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_8d10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID: MessagePost
                                            • String ID:
                                            • API String ID: 410705778-0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2332119585.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_8d10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID: ResumeThread
                                            • String ID:
                                            • API String ID: 947044025-0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2332119585.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_8d10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: M' $M' $M' $bS
                                            • API String ID: 0-2596881727
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2332119585.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_8d10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: M' $M' $M' $bS
                                            • API String ID: 0-2596881727
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2332119585.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_8d10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: _j/I
                                            • API String ID: 0-3933622087
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2332119585.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_8d10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: _j/I
                                            • API String ID: 0-3933622087
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2332119585.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_8d10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: %L;
                                            • API String ID: 0-3688780284
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2332119585.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_8d10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: %L;
                                            • API String ID: 0-3688780284
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2332119585.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_8d10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: F9
                                            • API String ID: 0-1501937292
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2328045916.0000000000F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_f10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2332119585.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_8d10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2332119585.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_8d10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2332119585.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_8d10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2332119585.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_8d10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2332119585.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_8d10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2332119585.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_8d10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2332119585.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_8d10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2332119585.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_8d10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2332119585.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_8d10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2332119585.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_8d10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.2332119585.0000000008D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 08D10000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_8d10000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Execution Graph

                                            Execution Coverage:13.2%
                                            Dynamic/Decrypted Code Coverage:100%
                                            Signature Coverage:100%
                                            Total number of Nodes:4
                                            Total number of Limit Nodes:1
                                            execution_graph 30711 6d30040 30713 6d3006a 30711->30713 30712 6d3195e 30713->30712 30714 6d30915 LdrInitializeThunk 30713->30714 30714->30713
                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402911919.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_6d30000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID: Y
                                            • API String ID: 2994545307-3233089245
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: (o]q$(o]q$,aq$,aq
                                            • API String ID: 0-1947289240
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402911919.0000000006D30000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D30000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_6d30000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID: Y
                                            • API String ID: 2994545307-3233089245
                                            • Opcode ID: 0354d38ae354c0c9deadb7d472f86816f652697389ba9065428386f8b6f7a6a6
                                            • Instruction ID: 96677c769c3580d23781e87c0a4a2ae3590aa138743219ac9c9e32544fdd839c
                                            • Opcode Fuzzy Hash: 0354d38ae354c0c9deadb7d472f86816f652697389ba9065428386f8b6f7a6a6
                                            • Instruction Fuzzy Hash: 84820870D106198FCB64EF69C8946ADFBF1FF89300F14C69AD458AB255EB70AA84CF50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: $$]q
                                            • API String ID: 0-711494890
                                            • Opcode ID: 53503c2b5e54002f54f651a107d579a9b0a1404cece5a1e9971bf725135a8133
                                            • Instruction ID: 817a63222650e10a5c6c2e5b9bc9595968d616be652221936310965858de54bd
                                            • Opcode Fuzzy Hash: 53503c2b5e54002f54f651a107d579a9b0a1404cece5a1e9971bf725135a8133
                                            • Instruction Fuzzy Hash: 36824C74E012198FDB14CF99C4809AEBBF6FF88314F158596E515AB762D334EC82CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: (o]q$Haq
                                            • API String ID: 0-903699183
                                            • Opcode ID: b903d7af53a550ef0b062fc464c4b1aade093d11f438706b352177a19367200e
                                            • Instruction ID: 63cc69f447da7d4e7b9df1032ac2fb4c113a629e02247936bce881abd662fff7
                                            • Opcode Fuzzy Hash: b903d7af53a550ef0b062fc464c4b1aade093d11f438706b352177a19367200e
                                            • Instruction Fuzzy Hash: D712D370A0021A8FCB15DF69D854AAFBBFABF88304F14856AE505DB3A5DF349C42CB51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Xaq$$]q
                                            • API String ID: 0-1280934391
                                            • Opcode ID: 96ca31d2d31eb1ea6cdc87fbf4c60f24a247f5934e36559573e875f18368291d
                                            • Instruction ID: d3ab351f635ede57b6ea520909921f23fb8725dbd143e93266c0f3f84799b0d1
                                            • Opcode Fuzzy Hash: 96ca31d2d31eb1ea6cdc87fbf4c60f24a247f5934e36559573e875f18368291d
                                            • Instruction Fuzzy Hash: 97A10270B042589FDB18DF7898502BE7FB6BFC9714B19856EE446D72A8CE358C02C792
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_6d00000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6edef2c23d4ad89f866795a9814fdb9564417ddaead5401513bbbc18b15d411d
                                            • Instruction ID: ee5014688ae05f935ca8ec2c2b5b0edec08f962d02e766b2b0e0824700cdbe47
                                            • Opcode Fuzzy Hash: 6edef2c23d4ad89f866795a9814fdb9564417ddaead5401513bbbc18b15d411d
                                            • Instruction Fuzzy Hash: BD226E70B002059FE758EFBAD85876EBAE6BF88700F24886DE449DB395DE349C41CB51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_6d00000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9be846eaa4acb4d1556c6e03f5e133f9e395f7f5ea4b45b8e0240e072ee2ffef
                                            • Instruction ID: f77e277037777c1ab7956866e1e448b91e17bba9a0653004630ade8f5cda2bfc
                                            • Opcode Fuzzy Hash: 9be846eaa4acb4d1556c6e03f5e133f9e395f7f5ea4b45b8e0240e072ee2ffef
                                            • Instruction Fuzzy Hash: E9227070B002058FD754EFBAC85876EBAE6BF88700F24886DD449EB395DE349C45CB51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_6d00000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ae8aa40cf84d908fdd48c5a77be7c00742cb704de2c455d8bc19ed2860bf8c5a
                                            • Instruction ID: 97542c47f65f2a95bab0d25c16c39d6d5facf17da0e759c088d09abc2094c284
                                            • Opcode Fuzzy Hash: ae8aa40cf84d908fdd48c5a77be7c00742cb704de2c455d8bc19ed2860bf8c5a
                                            • Instruction Fuzzy Hash: 6C225D70F002149FE758EFBAC85876EBAE6AF88700F24886DD449EB395DE749C41CB51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_6d00000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 636c9f03f2705c0a36c369e30399fed068703c7c9986544bb898b38e51ea2604
                                            • Instruction ID: e997be56b68323171f60a87456668220ae5f3409ed17ed7e3c2fef701876b885
                                            • Opcode Fuzzy Hash: 636c9f03f2705c0a36c369e30399fed068703c7c9986544bb898b38e51ea2604
                                            • Instruction Fuzzy Hash: C6224D70B002059FD758EFBAC85876EBAE6BF88700F248869D449DB3A5DE749C41CB51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_6d00000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 787ba88d575ca753115f8135d9b73916ec56aff1ed0f21d10ab6a57ce3141eba
                                            • Instruction ID: 63576fbbaae86e6ed463d01d6adfa6e64b5e94ad59121e29af4af6e484ed3d4b
                                            • Opcode Fuzzy Hash: 787ba88d575ca753115f8135d9b73916ec56aff1ed0f21d10ab6a57ce3141eba
                                            • Instruction Fuzzy Hash: E7226070B002049FD758EFBAD95876EBAE6BF88700F24886DD849DB395DE349C41CB51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_6d00000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b4c51f51a95e351303833e1ad8efa93ec996956c6f920836f038dfc73050e7d7
                                            • Instruction ID: 19c59f0794c215294c51215e0de3ce8d1760b74d69adc671307b227c68964dc4
                                            • Opcode Fuzzy Hash: b4c51f51a95e351303833e1ad8efa93ec996956c6f920836f038dfc73050e7d7
                                            • Instruction Fuzzy Hash: 72223D70F002049FD758EFBAC85876EBAE6BF88700F248869E449DB395DE349C45CB51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_6d00000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f3c6682050da1cf6781b97066b81bc048733ec3ecda4cf24b51f04ecf216b0a1
                                            • Instruction ID: 1addaa15a7f00a3ef9ada9c4f3cd433f8bb073841688355369e084ffe5782c96
                                            • Opcode Fuzzy Hash: f3c6682050da1cf6781b97066b81bc048733ec3ecda4cf24b51f04ecf216b0a1
                                            • Instruction Fuzzy Hash: 63226070B002049FD758EFBAC85876EBAE6BF88700F24886DE44ADB795DE349C45CB51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_6d00000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3f6d2cd602956bae01739dcc93b2e0b665635096a67109ae36a1f2280e30bcc3
                                            • Instruction ID: d5af1a2545c8a4fb46c708fc51fdd565a4ee8e052505ae7ec2c78468ddbee4ce
                                            • Opcode Fuzzy Hash: 3f6d2cd602956bae01739dcc93b2e0b665635096a67109ae36a1f2280e30bcc3
                                            • Instruction Fuzzy Hash: EE225D70B002049FD758EFBAC85876EBAF6BF88700F248869E449DB3A5DE349C45CB51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_6d00000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c3ee9e5856f01f7ca74b5a12b414b2c77a5f8210cb20af695950f4fcec3c4741
                                            • Instruction ID: 0277b1a13e86e70cc0acf4df9f1352f5d7bd1d39197a6d41bc1f45c73b80c2db
                                            • Opcode Fuzzy Hash: c3ee9e5856f01f7ca74b5a12b414b2c77a5f8210cb20af695950f4fcec3c4741
                                            • Instruction Fuzzy Hash: EA226C70B002059FE718EFBAC85876EBAE6BF88700F248869E449DB395DE349C45CB51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_6d00000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e3f1c16560a151fbd8fe1264cefb33668435e567b481bb6702792382ba583180
                                            • Instruction ID: 33397fb7616c495ff184f44f813ad5135815f8866b8e37d910cf4dcba6dc8f90
                                            • Opcode Fuzzy Hash: e3f1c16560a151fbd8fe1264cefb33668435e567b481bb6702792382ba583180
                                            • Instruction Fuzzy Hash: 25224D70F002089FD758EFBAC85876EBAE6AF88700F248869D449EB395DE749C45CB51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_6d00000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7cd6de49e8b2c0621ddd5cc7d2447d0da925e43764d8008a3d6eacc70b460bc8
                                            • Instruction ID: a3335f29c32b14bb93afde36372c16649795be3210fcd28935444bbb4d439a9f
                                            • Opcode Fuzzy Hash: 7cd6de49e8b2c0621ddd5cc7d2447d0da925e43764d8008a3d6eacc70b460bc8
                                            • Instruction Fuzzy Hash: 76227F70B002049FD718EFBAD95876EBAE6BF88700F24886DE849DB395DE749C41CB51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_6d00000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 16473c56d8ce1d86e426871e1571a623b0bf678776508049851057eda907ec66
                                            • Instruction ID: bf623243230525c8d1267f4825219e1b611f58a870e82c25226e55ef9bce911c
                                            • Opcode Fuzzy Hash: 16473c56d8ce1d86e426871e1571a623b0bf678776508049851057eda907ec66
                                            • Instruction Fuzzy Hash: 85226F70B002059FE758EFBAC85876EBAE6BF88700F24886DE449DB395DE349C41CB55
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_6d00000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 52cbe00cf21d031a056ed9880cc0c4a07db4a64597beb35d3e0a4216c1241d05
                                            • Instruction ID: 8ad2a55debb826c9ee6c0b3cd739d1b6ee9be0f2f7d3c07feeab49f19ad958e3
                                            • Opcode Fuzzy Hash: 52cbe00cf21d031a056ed9880cc0c4a07db4a64597beb35d3e0a4216c1241d05
                                            • Instruction Fuzzy Hash: 9D225D70F002059FE758EFBAC85876EBAE6BF88700F248869D449DB395DE749C41CB51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_6d00000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 01a596cf29e7b14cd1c937b595f09cc258aa33d2a9eba06fef7d29fd43b93125
                                            • Instruction ID: 4c9d83af59b349de097b916a5a228914904a36a7ba8eb949916a00265c586ad4
                                            • Opcode Fuzzy Hash: 01a596cf29e7b14cd1c937b595f09cc258aa33d2a9eba06fef7d29fd43b93125
                                            • Instruction Fuzzy Hash: 7BE19370B003059FE718AFB9D95876EBAE7AF88700F14882DE84ADB395DE349C41CB51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_6d00000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7308b959e7d5f362d8cf3c68e6634978ecd26ec38f74842bf692f1d58b177084
                                            • Instruction ID: 8efcc2503f403c7a1c22119b0a60132a98e34dd403087e05c294c71d10bb3aa3
                                            • Opcode Fuzzy Hash: 7308b959e7d5f362d8cf3c68e6634978ecd26ec38f74842bf692f1d58b177084
                                            • Instruction Fuzzy Hash: 1BE1B470B003059FD758AFBAC85876EBAEBAF88700F14882DE44ADB395DE749C45C751
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_6d00000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: fdd50826a400f01fe0ade6ab6504877fd64429ce83d4df755ec192661f501fa4
                                            • Instruction ID: 942d307502f0ae931997e1ffaaec476e71206cebdf52cb513764fdcc826386e0
                                            • Opcode Fuzzy Hash: fdd50826a400f01fe0ade6ab6504877fd64429ce83d4df755ec192661f501fa4
                                            • Instruction Fuzzy Hash: E2E1A270B002059FE758AFBAC85876EBAE7AFC8700F14882DE54ADB395DE349C45C751
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_6d00000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6c53b183affa547408c43462e3d0f17ffe709ef247229ed3ac79c83009ccc7ce
                                            • Instruction ID: ba5ba14e391b9e2e1afa44444172be92592454095a884781885f0afda09aebf5
                                            • Opcode Fuzzy Hash: 6c53b183affa547408c43462e3d0f17ffe709ef247229ed3ac79c83009ccc7ce
                                            • Instruction Fuzzy Hash: 6CE1B170F002059FE718AFBAC85876EBAEBAF88700F15886DE44ADB395DE749C05C751
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_6d00000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e18efde3b120304fa0f8b1d36069894630f553b85da5c55585f20fb3676331aa
                                            • Instruction ID: c2e87eda24f7c979774b383032ffde9580529cd2fef0a08183bb751a43e5eadc
                                            • Opcode Fuzzy Hash: e18efde3b120304fa0f8b1d36069894630f553b85da5c55585f20fb3676331aa
                                            • Instruction Fuzzy Hash: 3BE17270B003059FE718EFBAC85876EBAEBAF88740F148829E449DB3A5DE349C45C751
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_6d00000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e8886ac361b50e8b2880d92203c8fcbcc8d3fef1c02e1b8773bfa9bddac550ad
                                            • Instruction ID: 666fdb0946f8092f3985291214f0d3d7fd91637d3d502036c12231c5b1d96828
                                            • Opcode Fuzzy Hash: e8886ac361b50e8b2880d92203c8fcbcc8d3fef1c02e1b8773bfa9bddac550ad
                                            • Instruction Fuzzy Hash: 58E1A370B002059FD758EFB9D85876EBAE7AF88700F14882DE84ADB395DE749C05CB51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_6d00000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6fbc8bfc30e98e706209fddd0b6c97c1ce66fc2f191123b4ecdfc34767741fa1
                                            • Instruction ID: 1da242fd2174b4499d41560bf3417ae49fded4a70be0c2ae3ce6cdd7657c8610
                                            • Opcode Fuzzy Hash: 6fbc8bfc30e98e706209fddd0b6c97c1ce66fc2f191123b4ecdfc34767741fa1
                                            • Instruction Fuzzy Hash: 39E19370B003059FE758AFBAC85876EBAEBAF88700F14882DE44ADB395DE349C41C755
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_6d00000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1dbef53f67c487843774ff48c45cbbf1166767b9084956d0c32a9c05148077c9
                                            • Instruction ID: f6942bb8f3930fef47963b435abeda25f07ea9e02c7b39c5b342e2f144301bbb
                                            • Opcode Fuzzy Hash: 1dbef53f67c487843774ff48c45cbbf1166767b9084956d0c32a9c05148077c9
                                            • Instruction Fuzzy Hash: 6DE18370B002059FE758EFBAC85876EBAE7AF88740F14882DE44ADB3A5DE749C41C751
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_6d00000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 213e52449d71ada8ab97c3030ff3e8985f18914180c8d63e9d2a73f8d955d522
                                            • Instruction ID: 49cb1e56b8ba181ad84f67ebd07df5ad8b1ae28e4180be5a944fe7c7f4795694
                                            • Opcode Fuzzy Hash: 213e52449d71ada8ab97c3030ff3e8985f18914180c8d63e9d2a73f8d955d522
                                            • Instruction Fuzzy Hash: 7BE17170B003059FE758AFBAC85876EBAEBAF88700F14882DE44ADB395DE749C45C751
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_6d00000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 582f454b34edfbc100067e006ca5638d8b10047da2ac61726040ee8f46ef73dc
                                            • Instruction ID: 92b1ec1632f920e00cabf999d48ecd23071674098df35293605d927ae5868ee4
                                            • Opcode Fuzzy Hash: 582f454b34edfbc100067e006ca5638d8b10047da2ac61726040ee8f46ef73dc
                                            • Instruction Fuzzy Hash: FDE17070B002059FE758AFB9C85876EBAEBAFC8700F14882DE84ADB395DE349C45C751
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_6d00000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 801892dc673762d43d0577e3bcc77f4cb32edf3ae7d409a4e26255609686086e
                                            • Instruction ID: 26e6035051c25a40609c63f2689d1a57e4a13a8a117fba85c50a4479c0853fc2
                                            • Opcode Fuzzy Hash: 801892dc673762d43d0577e3bcc77f4cb32edf3ae7d409a4e26255609686086e
                                            • Instruction Fuzzy Hash: 7FE18F70B003059FD719AFB9C85876EBAE7AF88700F14886EE44ADB3A5DE349C45CB51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_6d00000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 34223c28581d436222887c5118f910a9bc7c6a3c67256a0b762fb78905c941bf
                                            • Instruction ID: 6e8f80f8ddf5465805f206ad080493d22806894a5d65cc200d9e7b56ae1075ea
                                            • Opcode Fuzzy Hash: 34223c28581d436222887c5118f910a9bc7c6a3c67256a0b762fb78905c941bf
                                            • Instruction Fuzzy Hash: 55D19270B002049FD758EFBAD85876EBAEBAF88700F24882DE44ADB795DE349C45C751
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_6d00000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 993195ce6c4a792a3476ff9027ee424bebe64093ab0486d15dc37e24173761a2
                                            • Instruction ID: dd3bb17c635d0bcbbba551fea3e8d824ae21065beaeef4b49a68f7eb0b9253bc
                                            • Opcode Fuzzy Hash: 993195ce6c4a792a3476ff9027ee424bebe64093ab0486d15dc37e24173761a2
                                            • Instruction Fuzzy Hash: F4D18270B002059FD758AFBAD85876EBAEBEF88700F14882DE84ADB395DE749C41C751
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: (o]q$(o]q$(o]q$(o]q$(o]q$(o]q$,aq$,aq
                                            • API String ID: 0-1435242062
                                            • Opcode ID: 21cab2a994b8e8f1378e98b270aaa1128c47732b1cb0a030ecee7e244f0c4de3
                                            • Instruction ID: 6c1f3ec8d299875a9adc2dff380b98e7cb362b185f7d2edd3dfb872a9b867572
                                            • Opcode Fuzzy Hash: 21cab2a994b8e8f1378e98b270aaa1128c47732b1cb0a030ecee7e244f0c4de3
                                            • Instruction Fuzzy Hash: CB128A30A002499FCB15CF69D984AAEBBFABF48318F14856AE445DB3B1D770EC41CB51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: (Xbq$(aq$(aq$Haq
                                            • API String ID: 0-4033849380
                                            • Opcode ID: fe132421f174b9cc39a84df7dbf583f751c83476e9fdd7a0f12399cadc3a3b02
                                            • Instruction ID: 87566fc95a4f8c42bfb61044053da86c604ee0142882e1e2db87916822a3d29d
                                            • Opcode Fuzzy Hash: fe132421f174b9cc39a84df7dbf583f751c83476e9fdd7a0f12399cadc3a3b02
                                            • Instruction Fuzzy Hash: 0CB1D131B002158FCB159B7DE86467F7BAAAFC4204F14806AD986DB3A5DF34DC4AC792
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4']q$4']q$;]q
                                            • API String ID: 0-1096896373
                                            • Opcode ID: cc059860775146154392ab600c234f9d7093ba8a8b98964e54ab39566ba6fe8b
                                            • Instruction ID: fbea20a1c998d246058c36ce711f0c3d41fa1d8b6d7ea4fb7e3bad217f0101eb
                                            • Opcode Fuzzy Hash: cc059860775146154392ab600c234f9d7093ba8a8b98964e54ab39566ba6fe8b
                                            • Instruction Fuzzy Hash: ABF14D703049118FEB165B2DC9A873E7B9EEF85608F194467E512CB3B5EA39CC828753
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: /$Haq$\
                                            • API String ID: 0-3406229343
                                            • Opcode ID: 4759faf67a54aff177b7d0e530020bc3b24cd1fdfbdff5aec80892e990fea797
                                            • Instruction ID: 7b02fe03312e62e4e2a4d509147d00b8aa562fe4183137b805c940c1ea54933c
                                            • Opcode Fuzzy Hash: 4759faf67a54aff177b7d0e530020bc3b24cd1fdfbdff5aec80892e990fea797
                                            • Instruction Fuzzy Hash: FA2124207043555FDB06AB766C2477F2EA69BE2A04F1804AED646CB3D1DE798D068392
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: $]q$$]q
                                            • API String ID: 0-127220927
                                            • Opcode ID: 871c6cf2190a9a941c55535483ba2cbffa32821210af0cf7c863fda12c716453
                                            • Instruction ID: c738dee88ede1da62bf4f58314068dfd3832bf5f0f66cc2ba1dad09aa8fa13a4
                                            • Opcode Fuzzy Hash: 871c6cf2190a9a941c55535483ba2cbffa32821210af0cf7c863fda12c716453
                                            • Instruction Fuzzy Hash: E6522E74A00218CFEB15DBA5C960BAEBBB6FF94300F1084AEC50A6B3A5CE395D45DF51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: (o]q$4']q
                                            • API String ID: 0-176817397
                                            • Opcode ID: e5218a060666a506dc4b1fb18ae5e6ea1b22555a77a52d186da6611125144806
                                            • Instruction ID: 6cdabe207b0d111bdd71b8e67477bc2f9438d865719bd91400ff194bdbc7b44b
                                            • Opcode Fuzzy Hash: e5218a060666a506dc4b1fb18ae5e6ea1b22555a77a52d186da6611125144806
                                            • Instruction Fuzzy Hash: 0E427070600609DFCB15CF68D9C4AAABBBABF48314F15855AE485DB3B5C734EC41CBA2
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4']q$4']q
                                            • API String ID: 0-3120983240
                                            • Opcode ID: 4c8bf06d8e0a7139e2c047cbbb99aea34b2e9ad90c62bee213e50c8fe9afcdd5
                                            • Instruction ID: 45cc06bd20e9afca3e146591c8de858dc9c7162a4481eac860c17ee03b496bbe
                                            • Opcode Fuzzy Hash: 4c8bf06d8e0a7139e2c047cbbb99aea34b2e9ad90c62bee213e50c8fe9afcdd5
                                            • Instruction Fuzzy Hash: 78D1D5317002458FCB11DF2DC8846AABFAAEF89314F148567E954CB366D731EC56C7A2
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: 4']q$4']q
                                            • API String ID: 0-3120983240
                                            • Opcode ID: cb63911f5d9db877a114ebdb48d284029f97a2c3c044d98b80ca1891981deadb
                                            • Instruction ID: 17ccf2e80739f2d49884c8904804ed21a3deab51d5ee3d5295787e0b594fd834
                                            • Opcode Fuzzy Hash: cb63911f5d9db877a114ebdb48d284029f97a2c3c044d98b80ca1891981deadb
                                            • Instruction Fuzzy Hash: C2A1D1307042068FCB05CB6DC880ABEBBB9EF95304F1884ABD401CF366DA35D942CB92
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Haq$Haq
                                            • API String ID: 0-4016896955
                                            • Opcode ID: 48b7c9b43574d7560c4cb233a11b6f0fe7ffdb4ee600735cff4fc74d35d998e4
                                            • Instruction ID: 3bc6e540348fc922299c5364cb240871b1addabc2d699146f0aee6a9d359f4bd
                                            • Opcode Fuzzy Hash: 48b7c9b43574d7560c4cb233a11b6f0fe7ffdb4ee600735cff4fc74d35d998e4
                                            • Instruction Fuzzy Hash: 8991D0303007568FDB069F69D89866F7FE6BF89304F18846AE8458B3A5DB348C42C792
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: ,aq$,aq
                                            • API String ID: 0-2990736959
                                            • Opcode ID: af9ee3c3c42a376438faa15aa6ac2cb14d3c066c59f4e53dc1d4aaa01cdbc71e
                                            • Instruction ID: 3ef22cb1f7aba74dc77ff493be820322d1733a2c7dbf1d023c1db6baba37d407
                                            • Opcode Fuzzy Hash: af9ee3c3c42a376438faa15aa6ac2cb14d3c066c59f4e53dc1d4aaa01cdbc71e
                                            • Instruction Fuzzy Hash: 17918C34A002078FCB14CF6DD88496ABBBAFF89309B15856AD5059B375DB35EC41CB92
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Xaq$Xaq
                                            • API String ID: 0-1488805882
                                            • Opcode ID: 6fa378ed3f1067d040b5ece10f8fe29e91bf9d88bdb5643041878bf094e4a64c
                                            • Instruction ID: 92069429e5aec265163f9406147c0deaa4230391bbbaa1627845dcd6d50a4b1b
                                            • Opcode Fuzzy Hash: 6fa378ed3f1067d040b5ece10f8fe29e91bf9d88bdb5643041878bf094e4a64c
                                            • Instruction Fuzzy Hash: 3331B4317003158BEB185E6E999827F66EEBFC4298F14453BD907CB3E8DB74C8478652
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Haq
                                            • API String ID: 0-725504367
                                            • Opcode ID: 50a049daa3007165b17d86e400e6c2901edcafa9da6a26f56fdb604700d0a3dd
                                            • Instruction ID: ed90cb8737027fbea3053b99e0916e17accd67c105f2ed83505887c7b9ea00e4
                                            • Opcode Fuzzy Hash: 50a049daa3007165b17d86e400e6c2901edcafa9da6a26f56fdb604700d0a3dd
                                            • Instruction Fuzzy Hash: 934106307052158FDB0A6B79946433E3BAA9FD1608F1480AFC4068B3E6EE348D0B8397
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: PH]q
                                            • API String ID: 0-3168235125
                                            • Opcode ID: 99d9827daae3a886e782bb462defad4b5acc4a0be91603ef45ca2d85a8f07086
                                            • Instruction ID: 111dcd1c79699462ae9827dc1cee4dfcccbc75fd1e914101827be7f52c620750
                                            • Opcode Fuzzy Hash: 99d9827daae3a886e782bb462defad4b5acc4a0be91603ef45ca2d85a8f07086
                                            • Instruction Fuzzy Hash: A151E230B002058FDB149F79D8587AE7BEAAF89704F148469E805EB3A5DF34DC85CB52
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: (o]q
                                            • API String ID: 0-794736227
                                            • Opcode ID: 49b25f6197ed22b4b5f5061e692201852edef77be7a7981e7a4aa67d1716cc5b
                                            • Instruction ID: 01e814221adad240189a4ca5bc8ebcd86ac9283136bb5a172899a676b30c1237
                                            • Opcode Fuzzy Hash: 49b25f6197ed22b4b5f5061e692201852edef77be7a7981e7a4aa67d1716cc5b
                                            • Instruction Fuzzy Hash: DF410231B046458FC715AF79E8546AE7FBAAFCD610F1840AAD906DB3A5CE349C02CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: d8bq
                                            • API String ID: 0-3484500975
                                            • Opcode ID: aa7edda33634467602f91051e64c065544b61c02a46ed4896be72e843ef082ad
                                            • Instruction ID: e0ed40b8187a0141b75a5b9af039465b9ad9569dadfa88df2882c14c14ba4562
                                            • Opcode Fuzzy Hash: aa7edda33634467602f91051e64c065544b61c02a46ed4896be72e843ef082ad
                                            • Instruction Fuzzy Hash: 0A11EB302047414FC72A973DD864B6B7FE99F82315F08456AD086873B6DB78D809C792
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: (o]q
                                            • API String ID: 0-794736227
                                            • Opcode ID: 5ba29552ea00100dded3abee446a0d5da6227ae596a5dbd7ee5cb9fb80dcb372
                                            • Instruction ID: 9c1fddfbc94303bff1a447d38206ce14d97e80285c2a9d6cdc99155bb8332226
                                            • Opcode Fuzzy Hash: 5ba29552ea00100dded3abee446a0d5da6227ae596a5dbd7ee5cb9fb80dcb372
                                            • Instruction Fuzzy Hash: FD11E0217053120FC7169ABD9D20A6F7FDE9F8A25870408AA9648CB3B5EE74CC01C7A2
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 43dc66e301da891c9644ad6da8955861909b7354acbbe4ab8b990c472af60c14
                                            • Instruction ID: 14d2b0766f2f1abbc05daf34b6a2a147a43127e0c169df17969a84067f300f3a
                                            • Opcode Fuzzy Hash: 43dc66e301da891c9644ad6da8955861909b7354acbbe4ab8b990c472af60c14
                                            • Instruction Fuzzy Hash: 2DF12C71F006158FCB05CFA9D9849AEBBFABF98314B19805AE559AB371C730EC81CB51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1a7131ca998f2927f169ff43f5ba73af245beeb1c4fae99e0ae169eb928ca38b
                                            • Instruction ID: e61d7c614559bc94c2236212cb7ad5641bc4600669944d4b730992df4ae616cd
                                            • Opcode Fuzzy Hash: 1a7131ca998f2927f169ff43f5ba73af245beeb1c4fae99e0ae169eb928ca38b
                                            • Instruction Fuzzy Hash: FBD134346202018FD725AB68E81E76D7FB6FB84746F54882AF906872B1CF35AC49CB41
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7fb5427efe5bcfacc138522788bd4faada357f8fd4d684b3ebf055cb2302d5d4
                                            • Instruction ID: 6830d41788e94b9167ce8fcc493f916ff5e8837b5e7df55567c3f61b256248a5
                                            • Opcode Fuzzy Hash: 7fb5427efe5bcfacc138522788bd4faada357f8fd4d684b3ebf055cb2302d5d4
                                            • Instruction Fuzzy Hash: FF714B35B052459FC7119BBCE8645BF7FBAEF96200B1840ABD845D73A2CE305D0AC762
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_6d00000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 757edbc85e42352bee334f675984370b5e085a52b831c62dcaead2931fa177dc
                                            • Instruction ID: 7415f5c7ce756ec3089f7dedde11c634772f315b37cd9408048655e8497851fe
                                            • Opcode Fuzzy Hash: 757edbc85e42352bee334f675984370b5e085a52b831c62dcaead2931fa177dc
                                            • Instruction Fuzzy Hash: 1D81F171B012569FEB109B78D80876E7BF6EF84710F1484B9E549DB3A2DA34DC42C791
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6badab53d6fe0633cd7e2b756ca6bd6463aa88a67ba2832ff3da8e579b517b34
                                            • Instruction ID: 6d3739336ac7c4c5a1229b4be3849336c7bce7247d13b83ec95673dbc2938c2d
                                            • Opcode Fuzzy Hash: 6badab53d6fe0633cd7e2b756ca6bd6463aa88a67ba2832ff3da8e579b517b34
                                            • Instruction Fuzzy Hash: 1291E371A00259DFCF05CFA8C884AEEBFB6FF89304F048166E845AB365D730A955CB95
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 13932ab04aae669f44b27d6d4a4066376787846ac309136c1750ee7dfa54d3ba
                                            • Instruction ID: 3a4c0635d85421d41d8805d01d936636a48ab54ace31e6c4eb2a4b74d89d94f4
                                            • Opcode Fuzzy Hash: 13932ab04aae669f44b27d6d4a4066376787846ac309136c1750ee7dfa54d3ba
                                            • Instruction Fuzzy Hash: AD713D74700A058FDB15DF2CC498AAE7BE9AF49308F1540AAE906DB3B1DB75DC41CB52
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d4e419c3eeadae76f878773a6245db5b95ab47515359835ee41dfbd857016ea6
                                            • Instruction ID: 0ceb63cd7074934110f46ef000e967fa00e4ecdcb3b3891f3bbe6b0c7a97ab66
                                            • Opcode Fuzzy Hash: d4e419c3eeadae76f878773a6245db5b95ab47515359835ee41dfbd857016ea6
                                            • Instruction Fuzzy Hash: 99718274A00209CFCB15EFB4F58D9DC7FBAFF89341B105A25E81A9A228EB385945CF51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d49ccf53c83e1b7b3328718be297fe3ddec70ab4e11bea89ed0d86ec538be964
                                            • Instruction ID: bbdec2d1c2a76ab3894abf5cf2130c913204f19cfe7d4e4f8ba004b3c7ceb435
                                            • Opcode Fuzzy Hash: d49ccf53c83e1b7b3328718be297fe3ddec70ab4e11bea89ed0d86ec538be964
                                            • Instruction Fuzzy Hash: FB519E34A003018FD725AB79E458B6A7BF6EF88340F54842AE9078B3B5DF759C86CB41
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 97766fb92a6be5312cfcde00ad1e244df5cd2884d154e7e1b524224f63cde633
                                            • Instruction ID: 8c4588df53bca47a80d6acbc53d4f1cad50c1d0b7cf0322bf10bc74cc67397d4
                                            • Opcode Fuzzy Hash: 97766fb92a6be5312cfcde00ad1e244df5cd2884d154e7e1b524224f63cde633
                                            • Instruction Fuzzy Hash: 7951D074A083859FC702CF78D8549AABFB5EF86314B1981EBD444CB3A7E6389D42CB41
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_6d00000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: bc697774c6ba6db187653688eed5f39c771ee5ff6068ce0008d30f8b1f040fe1
                                            • Instruction ID: fd1e273f6e14146184a40ce8f091221ff365be6d172917c15cec5c417542a85a
                                            • Opcode Fuzzy Hash: bc697774c6ba6db187653688eed5f39c771ee5ff6068ce0008d30f8b1f040fe1
                                            • Instruction Fuzzy Hash: C7419030E102059FEB54EBA9C9187ADBBF6EF88300F05846AD406DB295DF74EC45CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 39dd9b351c9e504d8ee14dc1dff4d18a6ab5840e952958e38017089e389ab5fa
                                            • Instruction ID: 1e82a9ae0ad559fe5d9573c6a04d16f35985ff4a5933e3c13a3473786f9bc222
                                            • Opcode Fuzzy Hash: 39dd9b351c9e504d8ee14dc1dff4d18a6ab5840e952958e38017089e389ab5fa
                                            • Instruction Fuzzy Hash: 9A410831A04259DFCF12CFA8CC84ADEBFB6AF49314F048056E985DB261D330E910CBA6
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_6d00000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b0b655ade82bdac077aa943ca2d7c3b6412dc324d03092551827c8385573c343
                                            • Instruction ID: 5f8a55c370a4dbeede9edf5484d7dc4a47c95d82aa3f6933b3776a9bbf2c754c
                                            • Opcode Fuzzy Hash: b0b655ade82bdac077aa943ca2d7c3b6412dc324d03092551827c8385573c343
                                            • Instruction Fuzzy Hash: 6941CC30E103059FEB54AFA8D80876DBBF2EB84704F05846AE4469B2A5DF74DC4ACB81
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_6d00000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 17800a4cbb21dfc1579a751c09662df00f7e8241c9af175d8775b1d37838423f
                                            • Instruction ID: 89bd2cf4a5db7c2e4159a13800c9bad42f04109199d48bccf0dfc4e2c66a2733
                                            • Opcode Fuzzy Hash: 17800a4cbb21dfc1579a751c09662df00f7e8241c9af175d8775b1d37838423f
                                            • Instruction Fuzzy Hash: 1C41AC30E053059FEB94DFA9C8087ADBBF6FB84304F05846AD406DB2A5DB749C46CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_6d00000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7c0a3354cb3fd22dc8f26268bff1d85331f434cd0ab3696421f9d3d53bbfd772
                                            • Instruction ID: 7917b720483b0ea7ef53e39d548f06ba8d39f9f892bb6d88634f113f52d9a104
                                            • Opcode Fuzzy Hash: 7c0a3354cb3fd22dc8f26268bff1d85331f434cd0ab3696421f9d3d53bbfd772
                                            • Instruction Fuzzy Hash: A5417C30E102059FEB649FA8C9497ADBBF6FB88304F148469D406DB2A5DB74EC46CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: dfed5a4e787e7bd080b13a6d5cad82f8d496ded0b15006da90b3b846ebb14315
                                            • Instruction ID: 18c3799e8344083bee659e129dc552e228848b4211de6587bb123deeaf945b55
                                            • Opcode Fuzzy Hash: dfed5a4e787e7bd080b13a6d5cad82f8d496ded0b15006da90b3b846ebb14315
                                            • Instruction Fuzzy Hash: 0E41B431604245DFCB168F68D844BAB7BBAEF49318F04886AE4459B262D7B4DC45CB52
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d384e2c9e3742fee79c15a546470e5c66ea912e4feb882233d85a2e5bf7e0d7e
                                            • Instruction ID: 59fdc460b02669f8ce3d308bd8d80dddbf0097299bcdf4b4dffe19342d44e1e8
                                            • Opcode Fuzzy Hash: d384e2c9e3742fee79c15a546470e5c66ea912e4feb882233d85a2e5bf7e0d7e
                                            • Instruction Fuzzy Hash: 6D41AD34A003018FD724AF79E858B6A7BF6EF88340F54842AE9068B3B5DF359C85CB41
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_6d00000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: cee55fe2f7536d532f6f576a8b388d1f56a8ed9195b4abb5689ac73c03b7b7cf
                                            • Instruction ID: ad1943ee3924394fa4c9ffd4dc5ab2b4a652251baf11c9830d8112974fcef446
                                            • Opcode Fuzzy Hash: cee55fe2f7536d532f6f576a8b388d1f56a8ed9195b4abb5689ac73c03b7b7cf
                                            • Instruction Fuzzy Hash: 8441AF30E113099FEB64DFA9C5587ADBBF2EB84304F048469D405DB2A4DB74EC46CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_6d00000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b1a52a92f4af07a9d2140e2062330bb519ef6beb1ae2b2161aac5339f09fc2bb
                                            • Instruction ID: 4970475e6daf6795e5455eb1e00dc7e42369dcdf47cea7ebdb0cc529069365fb
                                            • Opcode Fuzzy Hash: b1a52a92f4af07a9d2140e2062330bb519ef6beb1ae2b2161aac5339f09fc2bb
                                            • Instruction Fuzzy Hash: 97418C31E102069FEB549FA8C8587ADBBF2EB84314F188469D406DB2E5DB74EC45CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_6d00000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7fd40581ff51c9e7d30f937547cd3b98d42a3f2b140eb2dbac01010dd2c99c50
                                            • Instruction ID: b8821c5c646887bfbdb646c118eae3c74eb1550935724c53ca3a34657f8925be
                                            • Opcode Fuzzy Hash: 7fd40581ff51c9e7d30f937547cd3b98d42a3f2b140eb2dbac01010dd2c99c50
                                            • Instruction Fuzzy Hash: 32416D30E102059FEB54DFA9D9487A9BBF6EB84304F14846AD40A9B2A4DF74EC45CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_6d00000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 524dc202eb389a557892661e2ee0db3d09fc9649be8130eaf065f2c545507d0e
                                            • Instruction ID: 410d96df9163b0b3ecd9d70c190db3a9a36c41f96960946c15c1f69bb862a9a6
                                            • Opcode Fuzzy Hash: 524dc202eb389a557892661e2ee0db3d09fc9649be8130eaf065f2c545507d0e
                                            • Instruction Fuzzy Hash: EA418A30E002059FEB54DFA8C9587ADBBF2EF88304F15846AD406DB2A5DB74EC46CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d5991748e502be2d954b5b35905d2687d2d38bfe3da6734e92fc77b3255b7f09
                                            • Instruction ID: cd2ec33b0f5880621619d2a68fe1475f0b498c33f4b99319a11b75fff837f3ac
                                            • Opcode Fuzzy Hash: d5991748e502be2d954b5b35905d2687d2d38bfe3da6734e92fc77b3255b7f09
                                            • Instruction Fuzzy Hash: 5B411C357106018FCB18DF3DC8A4A6A7BF9AF49658B1A00AAE516CB3B1DB75DC01CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_6d00000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: eaa896555c07d25517c66718d9c7baf46d9829aceec71cee985d4856f7a63b41
                                            • Instruction ID: 4811f9514ef32fa0fd142a021b490e1b2119b0dd94166127799b5a4e9c6d4b7b
                                            • Opcode Fuzzy Hash: eaa896555c07d25517c66718d9c7baf46d9829aceec71cee985d4856f7a63b41
                                            • Instruction Fuzzy Hash: F431D431B002519FEB01AB79E81C3AE7BE6EF94644F05447AD845D73A5DF38CC0587A2
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9e756c4f9c620d0429b97c1975c3fb9218c12eeb28e947b660fb00009bf7221e
                                            • Instruction ID: 7b1d43b02620cb91b27e10d805ae3d4e3644598b157f10680dcfff75d801f48b
                                            • Opcode Fuzzy Hash: 9e756c4f9c620d0429b97c1975c3fb9218c12eeb28e947b660fb00009bf7221e
                                            • Instruction Fuzzy Hash: 2E31AD75B102518FCB14EF78D49885EBBEBAFAC26532544AAE406DB375CE34DC02CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_6d00000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 31f9bed833ccfe4ce7fdda7797bb90ed9e9723e69e63583a8e89bdb874e64801
                                            • Instruction ID: 35e4baf19bf1d4113dd9fd2752452a678714808addc1dfffe583715985960b74
                                            • Opcode Fuzzy Hash: 31f9bed833ccfe4ce7fdda7797bb90ed9e9723e69e63583a8e89bdb874e64801
                                            • Instruction Fuzzy Hash: 85315E71E002159BEF64AFA8C5597BDBBF6FF88301F048429D406E72A4DB74D845CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_6d00000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 627d5e0a07acec57d5c8ccc0162f8198afd721dbe5b3161c8708d04f5407785b
                                            • Instruction ID: 7c83288d320de8ebb05e91fe5aed70b7985f3b82e5c85e436553340966edff1e
                                            • Opcode Fuzzy Hash: 627d5e0a07acec57d5c8ccc0162f8198afd721dbe5b3161c8708d04f5407785b
                                            • Instruction Fuzzy Hash: 76319171E002158BEB64EFA9C9187ADBBF5FF84300F04842AD406DB294DB75EC45CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_6d00000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8e798c3c816c20e405b4a288ee94516377c8e581de06d025a475ae5e735bac62
                                            • Instruction ID: 85abaf55d64eb9f6a78560f55dcb5924a05205397e483f7449c5adcae498494c
                                            • Opcode Fuzzy Hash: 8e798c3c816c20e405b4a288ee94516377c8e581de06d025a475ae5e735bac62
                                            • Instruction Fuzzy Hash: E8317F71E012199BEB64EFB8C5587ADBBF2EF84300F048429D406AB2A4DB74AC45CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_6d00000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 021e60e4facfe87ed848ca524aebb6a33ce57a74563bc1934081b8aa3a94cc99
                                            • Instruction ID: a68457a683444c1a2d4165d7244af3ff2c53a64f62c6e47658635e20e7374493
                                            • Opcode Fuzzy Hash: 021e60e4facfe87ed848ca524aebb6a33ce57a74563bc1934081b8aa3a94cc99
                                            • Instruction Fuzzy Hash: 42319E70E00215CBEF64EFA8C9187ADBBF2EF84300F14852AD406A72E4DB74D885CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_6d00000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 03f95217b8e9c7614d1fd218a726b8dc4a904475817a1dac136234ce98d2b5a3
                                            • Instruction ID: c4b5eb803befb42995e7d7665d6aaeb7ff3479223995a2329f7904a4927d6c20
                                            • Opcode Fuzzy Hash: 03f95217b8e9c7614d1fd218a726b8dc4a904475817a1dac136234ce98d2b5a3
                                            • Instruction Fuzzy Hash: F4317F71E00615DBEB64AFB9C9487ADBBF6FF84304F04842AD406972A4DF74E885CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_6d00000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 22021531b4b4744dd59457f190c9f0cd2c0b529b5c9dfe844e2d8d2b36ebc0ea
                                            • Instruction ID: e64e7229b5fa5a616208aedb54a7a3978dc507273f830e693287a2886f10fc83
                                            • Opcode Fuzzy Hash: 22021531b4b4744dd59457f190c9f0cd2c0b529b5c9dfe844e2d8d2b36ebc0ea
                                            • Instruction Fuzzy Hash: A4318071E002159BEB64EFA8D5587ADBBF6FF84300F00846AD4069B3A4DF74AC45CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_6d00000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d34677d86af00f98b7c6a8280e36d488adb9ce3273d2955935a44c1dc8c1d8ab
                                            • Instruction ID: 7ce9e940727df18107e06618d7a20fe958b8049179405227ffaa3e798fa35edc
                                            • Opcode Fuzzy Hash: d34677d86af00f98b7c6a8280e36d488adb9ce3273d2955935a44c1dc8c1d8ab
                                            • Instruction Fuzzy Hash: 48318071E002159BEB64EFB8C5587ADBBF2FF88300F14842AD4069B2A4DF74E845CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2402886473.0000000006D00000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D00000, based on PE: false
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399617824.000000000140D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0140D000, based on PE: false
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399617824.000000000140D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0140D000, based on PE: false
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399617824.000000000140D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0140D000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_140d000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399617824.000000000140D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0140D000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_140d000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                            • Instruction ID: 21232077025e38ab29eac2312e59a1166bae629c8bda4f47231b81b3beef2502
                                            • Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                            • Instruction Fuzzy Hash: 9711D272804240DFCB12CF44D5C4B56BF71FB84324F24C5AAD9090B667C33AE45ACBA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b8f8e180fadc3ebf3e241cf9854925d5f55fe56f9cab6332bda27c56776b8d61
                                            • Instruction ID: 1fddb0eb53f1d1bd206854069a88922c3fa79ee89aa2ae0f132952e85de3381a
                                            • Opcode Fuzzy Hash: b8f8e180fadc3ebf3e241cf9854925d5f55fe56f9cab6332bda27c56776b8d61
                                            • Instruction Fuzzy Hash: A601FE717055565FDF029F99AC106EF3FAADFCA651B08805AF540C7255CE718C128792
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e8e8fac04b2a9447c40ef5474562612d69beb0ac38c28f7ff145599b57559561
                                            • Instruction ID: 8eae39a7103d8a40d6a95dfa6319a0d0c65f36254850732ae82e9e8d7c352605
                                            • Opcode Fuzzy Hash: e8e8fac04b2a9447c40ef5474562612d69beb0ac38c28f7ff145599b57559561
                                            • Instruction Fuzzy Hash: 592119B4111106CBC3206FB0FE5E04C3BA4FF1270B75A5A31E1AA9107CCB2819518F65
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ea8941aec4b3b25a3ca26f5470c02258adf88dacfc8b11617319eb8df2e8a146
                                            • Instruction ID: b0c51da5cc9f36ffb0e47ced22408a4952365366bdb4a2117463252449403011
                                            • Opcode Fuzzy Hash: ea8941aec4b3b25a3ca26f5470c02258adf88dacfc8b11617319eb8df2e8a146
                                            • Instruction Fuzzy Hash: 8E11A131D1021A9FCF00EFB4D8488EE7BB9FF8A304710865AD005E7154DB386906CBA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ad714cb2fd2e76e09b46ed610a8890fb6e3f6b3841f28f01f88d78628b8740f9
                                            • Instruction ID: ccd5a76534846d7bac2df3eb1034ad7ee0c44f891bbe80a9f6e381e5cbfe7149
                                            • Opcode Fuzzy Hash: ad714cb2fd2e76e09b46ed610a8890fb6e3f6b3841f28f01f88d78628b8740f9
                                            • Instruction Fuzzy Hash: 6D113774D11209DFCB41EFACE9945ACBFB6FF49240B1095AADD06E7264EB342E08CB40
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e0dce05807f3cd3983fc0142f6e1fa8184a9aef017856b47349dee80c09ccb5d
                                            • Instruction ID: 31336952db9a19a377e2b9120468da015b116e0af5a62222c68c31e4787a9d4f
                                            • Opcode Fuzzy Hash: e0dce05807f3cd3983fc0142f6e1fa8184a9aef017856b47349dee80c09ccb5d
                                            • Instruction Fuzzy Hash: 520169716092518FCB12DF3CE514A2A7BE5AF89320F0449AED0D98B3A6D730ED05CB83
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a63f617e333c99e08096525ca5b862efe8380936c51a49a7b1430f216573fff8
                                            • Instruction ID: 35b857eef51e91fcc953d095686ebd1fa1fdbbae59b272c07bc1f85ce3dd6f7f
                                            • Opcode Fuzzy Hash: a63f617e333c99e08096525ca5b862efe8380936c51a49a7b1430f216573fff8
                                            • Instruction Fuzzy Hash: D5F0F6353005118B97255A2E98A8A6B7FEEEFD9A58305407BE94ACB371DE30CC03C382
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5096ae5c17fc6b158512dba942c22d7b2e8b1ffd7ff1e840c155da143f3656b6
                                            • Instruction ID: a8ed252f887560367e124d82bdd009c062cd17445aedc6c403a6243be2538e17
                                            • Opcode Fuzzy Hash: 5096ae5c17fc6b158512dba942c22d7b2e8b1ffd7ff1e840c155da143f3656b6
                                            • Instruction Fuzzy Hash: 7811F878A11209EFCB45EFADE9445ACBBB6FB48200B50956A9916A7264DB346E088B40
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c7dd01a0d7d8665d440dbd4b74284526f767b79520f24705d06d272793df078d
                                            • Instruction ID: 392942fddda642db4e362812e982f2c4b9c69e3b5f056b3b777a4aed5476cdb5
                                            • Opcode Fuzzy Hash: c7dd01a0d7d8665d440dbd4b74284526f767b79520f24705d06d272793df078d
                                            • Instruction Fuzzy Hash: 93018435D1061A9FCF00EFB4D8488EEBB79FF89314B108219E105E7254EB356906CBA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5f7ecbe406928846b2a246b0f7eadc7113e17ebf30d887b79b86dcc8d6618bbd
                                            • Instruction ID: b26e155fff2fc04bcfda621d8bde7c642162f1f7f3a07d9e22fafd1b02fe3cee
                                            • Opcode Fuzzy Hash: 5f7ecbe406928846b2a246b0f7eadc7113e17ebf30d887b79b86dcc8d6618bbd
                                            • Instruction Fuzzy Hash: 36F0A430B0E3C46FD302CB2C88545623FA5AB97318B4A40DBD548CF267E675E806C353
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 18ddd3c50ce07af061118571dfadf0388424b7a1d299fa0e3712382ed355054f
                                            • Instruction ID: de87be5d745f3faf6d324283d7eb6b9b6733ce5e6f62b7bbc5434b3d5770e316
                                            • Opcode Fuzzy Hash: 18ddd3c50ce07af061118571dfadf0388424b7a1d299fa0e3712382ed355054f
                                            • Instruction Fuzzy Hash: 6BF0AF353013414BC229EF2EA41091B3A9EFFD8B85B10887E820A4B768CF79DC05CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f5b70a21b0420a2dbc2d67263926ca9920643c31520c39afc56e4a5b924d13e6
                                            • Instruction ID: 5dcdfbaae896ada04c019e292f550a57d939c4dbcc0298e677050e0019050087
                                            • Opcode Fuzzy Hash: f5b70a21b0420a2dbc2d67263926ca9920643c31520c39afc56e4a5b924d13e6
                                            • Instruction Fuzzy Hash: FDF0B4323111052B4609AA5FA84085EBEDFFFD9610350C43EE519C73A8CE71AC0A43A5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f45513a93046cd8d5284a43c3994bf25c547ffea08bbe77fb2efcb445678c374
                                            • Instruction ID: fc69566fea51fce556722d01e089f2fc284ec766ccc01f05c622039fbf628d64
                                            • Opcode Fuzzy Hash: f45513a93046cd8d5284a43c3994bf25c547ffea08bbe77fb2efcb445678c374
                                            • Instruction Fuzzy Hash: F6F0F83060E3C05FD707973888A16563FBA5F87218B5A84EBE084CF667D629E80AC316
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 37f95e938d29ea89f297fad1dd695b30757e33a4e7d2b697ffc100a42c23ad88
                                            • Instruction ID: ddf2d5baef6694816e1f4705708abe9a69b167c3ae0f2f9af95ec2055e8f0a25
                                            • Opcode Fuzzy Hash: 37f95e938d29ea89f297fad1dd695b30757e33a4e7d2b697ffc100a42c23ad88
                                            • Instruction Fuzzy Hash: 13F08230A097C05FD702C72C88906963F79AF97318B4941EAD088CF227D235D806C702
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: cca4589e04f0333bd7378ce2b7a25e001eefcf22c8ccaa42f91ef65df06d79a9
                                            • Instruction ID: 8ae699fdfb95a40bddf27ff164d646824ab0812e36524a9fa261f667dd67ee0a
                                            • Opcode Fuzzy Hash: cca4589e04f0333bd7378ce2b7a25e001eefcf22c8ccaa42f91ef65df06d79a9
                                            • Instruction Fuzzy Hash: EBF08C34B05689AFCB01DB2888506E637B5FFA2758B5580A7D808CB226F6B5DC46C716
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1b89afc043eeedf5b24f1c5e23b47a038a8ea57fa5e7358b046058ab8fa526fb
                                            • Instruction ID: 2abfe87c9e5814cec2b50eaaf9bb90ee94f87b1fe8747a995d25921a4fa8e215
                                            • Opcode Fuzzy Hash: 1b89afc043eeedf5b24f1c5e23b47a038a8ea57fa5e7358b046058ab8fa526fb
                                            • Instruction Fuzzy Hash: A0F082306493C1AFD703D7289854A523FB65B83204F4940D7E444CF2B7D675DC45C392
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ab24e7f80711a4069235e895cdd76c62fa059a63192b1c60610a6c5a84063b1f
                                            • Instruction ID: d45a70be3ed9a3c15b69d0a24fcb656bd1cba788625c9df3aab1dea612085845
                                            • Opcode Fuzzy Hash: ab24e7f80711a4069235e895cdd76c62fa059a63192b1c60610a6c5a84063b1f
                                            • Instruction Fuzzy Hash: 62E086201083D50EC7076B75BC596557F6EAF96304B1844D2D9854D46ACA7C1D05C3A1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
                                            • Instruction ID: a467d3c8340080d1f0d379911756adc121e7c0f8efa3fc3bf8594504813ef363
                                            • Opcode Fuzzy Hash: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
                                            • Instruction Fuzzy Hash: A1C08C7320C5282BA235604E7C40EE7BB8CC3C23B9A310137F95CE330198629C8261F6
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5505ab0b93a9d9f419cd309f767c28ad61c16aea275df43a16022fd89b856dc1
                                            • Instruction ID: 2e6c2192520c8a2839ea1c03be13977845485a3de164495fcbefcb5a3dbc67ae
                                            • Opcode Fuzzy Hash: 5505ab0b93a9d9f419cd309f767c28ad61c16aea275df43a16022fd89b856dc1
                                            • Instruction Fuzzy Hash: 35D0A77AF001048F9B38AE3574580ACF3A3E7C4121304C036E80EC3A08CF384D469750
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ec2766809b1552acb3d4c84ea416d0f4ec892fce9dbfbf4bc974df5d5bc214f1
                                            • Instruction ID: 58cf08cae5c8d7f86278d1d9de3fb197e24e376f43beb997d05d01dbfc48c8f1
                                            • Opcode Fuzzy Hash: ec2766809b1552acb3d4c84ea416d0f4ec892fce9dbfbf4bc974df5d5bc214f1
                                            • Instruction Fuzzy Hash: F0D0677AB404189FCB149F98EC408DDBBB6FB9C221B048116E915A3265C6319921DB50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8ce4adcd6df3ca13c537163094f741bf8b082a77cef9e7a505ffbd04641ec2b5
                                            • Instruction ID: 3880ca7db792e9061cdc6774f50c1deb246c50e980bdaac6911416f9e2b3ac3f
                                            • Opcode Fuzzy Hash: 8ce4adcd6df3ca13c537163094f741bf8b082a77cef9e7a505ffbd04641ec2b5
                                            • Instruction Fuzzy Hash: 5BD0C911A492F54BD76B567C646259CFF916A932A030910EBC8C19A25BD5480D4B9387
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3b22b7a0f613ba328170189ddd6219c1c2535e1affbc7631ba42b1b20908fa0a
                                            • Instruction ID: 9562a494980ffc46e1f8aee1ff3c17114c6013ee52f66b183881fddf110245cb
                                            • Opcode Fuzzy Hash: 3b22b7a0f613ba328170189ddd6219c1c2535e1affbc7631ba42b1b20908fa0a
                                            • Instruction Fuzzy Hash: CFC012302447094FC64AFF7AF94891A776FFEC03047548534960F0A529DF7C5C4986D0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 24dc1e91f189674a2d5e6fbd29b2fb6adbe93dc8814ff1be5cf8b2f3a4210c98
                                            • Instruction ID: a0c041fe2f8bea70daf55ba90143550f0a6b5debd5467bef1f8c91213710d406
                                            • Opcode Fuzzy Hash: 24dc1e91f189674a2d5e6fbd29b2fb6adbe93dc8814ff1be5cf8b2f3a4210c98
                                            • Instruction Fuzzy Hash: A4C04C3441F7D48FDB03C75488B47403FF26D4720439F08C68884CA966C659A8198726
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Xaq$Xaq$Xaq$Xaq$dq^
                                            • API String ID: 0-2775305623
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000006.00000002.2399828767.0000000001460000.00000040.00000800.00020000.00000000.sdmp, Offset: 01460000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_6_2_1460000_i6R4NsEd8t.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: \;]q$\;]q$\;]q$\;]q
                                            • API String ID: 0-2351511683
                                            Uniqueness

                                            Uniqueness Score: -1.00%