Windows Analysis Report
XxWACzmWyB.exe

Overview

General Information

Sample Name:XxWACzmWyB.exe
(renamed file extension from none to exe, renamed because original name is a hash value)
Original Sample Name:0e484560a909fc06b9987db73346efa0ca6750d523f2334913c23e061695f5cc
Analysis ID:1338491
MD5:dfb5e2963e9bc48c904f4ac5978fe9ea
SHA1:aa02aff8e6722e6e3733b8c884bc838360f08ccf
SHA256:0e484560a909fc06b9987db73346efa0ca6750d523f2334913c23e061695f5cc

Detection

AESCRYPT Ransomware, GhostLocker, TrojanRansom
Score:96
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected TrojanRansom
Yara detected GhostLocker Ransomware
Antivirus detection for URL or domain
Yara detected AESCRYPT Ransomware
Multi AV Scanner detection for dropped file
Drops PE files to the startup folder
Potentially malicious time measurement code found
Queries the volume information (name, serial number etc) of a device
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
PE file contains sections with non-standard names
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Stores files to the Windows start menu directory
Found dropped PE file which has not been started or loaded
PE file contains executable resources (Code or Archives)
Contains functionality for execution timing, often used to detect debuggers
PE file does not import any functions
Sample file is different than original file name gathered from version info
Drops PE files
Tries to load missing DLLs
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Binary contains a suspicious time stamp
Creates a start menu entry (Start Menu\Programs\Startup)
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)

Classification

  • System is w10x64
  • XxWACzmWyB.exe (PID: 7008 cmdline: C:\Users\user\Desktop\XxWACzmWyB.exe MD5: DFB5E2963E9BC48C904F4AC5978FE9EA)
    • wwndjlajmlkzqaqa.exe (PID: 4928 cmdline: C:\Users\user\Desktop\XxWACzmWyB.exe MD5: 898AF9AC9850D8901B56A302BDB37FFC)
      • cmd.exe (PID: 6676 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 6240 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • XxWACzmWyB.exe (PID: 6672 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exe" MD5: DFB5E2963E9BC48C904F4AC5978FE9EA)
    • wwndjlajmlkzqaqa.exe (PID: 5744 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exe" MD5: 898AF9AC9850D8901B56A302BDB37FFC)
      • cmd.exe (PID: 4192 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 1364 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
Process Memory Space: wwndjlajmlkzqaqa.exe PID: 4928 | JoeSecurity_GhostLocker | Yara detected GhostLocker Ransomware | Joe Security |
Process Memory Space: wwndjlajmlkzqaqa.exe PID: 4928 | JoeSecurity_AESCRYPTRansomware | Yara detected AESCRYPT Ransomware | Joe Security |
Process Memory Space: wwndjlajmlkzqaqa.exe PID: 4928 | JoeSecurity_TrojanRansom | Yara detected TrojanRansom | Joe Security |
No Sigma rule has matched
No Snort rule has matched

        AV Detection

        Source: XxWACzmWyB.exe, ReversingLabs: Detection: 40%
        Source: http://88.218.62.219/download, Avira URL Cloud: Label: malware
        Source: http://88.218.61.141/incrementLaunches, Avira URL Cloud: Label: malware
        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exe, ReversingLabs: Detection: 40%
        Source: XxWACzmWyB.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
        Source: Binary string: crypto\stack\stack.cOPENSSL_sk_dupOPENSSL_sk_deep_copysk_reserveOPENSSL_sk_new_reserveOPENSSL_sk_reserveOPENSSL_sk_insertOPENSSL_sk_seti=%dcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC3.1.3built on: Tue Sep 19 14:31:32 2023 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availablecrypto\init.cOPENSSL_init_cryptoOPENSSL_atexitcrypto\bio\bio_lib.cBIO_new_exbio_read_internbio_write_internBIO_putsBIO_getsBIO_get_line BIO_ctrlBIO_callback_ctrlBIO_find_type source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B475784000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1919078257.00007FFDFB2BD000.00000002.00000001.01000000.00000007.sdmp
        Source: Binary string: C:\A\40\b\bin\amd64\_decimal.pdb$$ source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: C:\Users\runneradmin\AppData\Local\Temp\pip-req-build-5946imn3\src\rust\target\release\deps\cryptography_rust.pdb source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B475784000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1919078257.00007FFDFB2BD000.00000002.00000001.01000000.00000007.sdmp
        Source: Binary string: D:\_w\1\b\libssl-1_1.pdb source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B4751E3000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1926103118.00007FFE007F5000.00000002.00000001.01000000.0000000D.sdmp
        Source: Binary string: C:\A\40\b\bin\amd64\_decimal.pdb source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B475784000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1919078257.00007FFDFB2BD000.00000002.00000001.01000000.00000007.sdmp
        Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B47506D000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1917030049.00007FFDFACEF000.00000002.00000001.01000000.0000000E.sdmp
        Source: Binary string: C:\A\40\b\bin\amd64\python3.pdb source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B4751E3000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1912018127.000002001EE50000.00000002.00000001.01000000.00000008.sdmp
        Source: Binary string: C:\Users\runneradmin\AppData\Local\Temp\pip-req-build-5946imn3\src\rust\target\release\deps\cryptography_rust.pdbbP source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B475784000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1919078257.00007FFDFB2BD000.00000002.00000001.01000000.00000007.sdmp
        Source: Binary string: C:\A\40\b\bin\amd64\_ctypes.pdb source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1926778110.00007FFE10310000.00000002.00000001.01000000.00000017.sdmp
        Source: Binary string: C:\A\40\b\bin\amd64\_queue.pdb source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474DD2000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1928988511.00007FFE130C3000.00000002.00000001.01000000.00000011.sdmp
        Source: Binary string: C:\A\40\b\bin\amd64\python310.pdb source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B47555C000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1919986827.00007FFDFB783000.00000002.00000001.01000000.00000005.sdmp
        Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1n 15 Mar 2022built on: Tue Mar 15 18:32:50 2022 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B47506D000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1917030049.00007FFDFACEF000.00000002.00000001.01000000.0000000E.sdmp
        Source: Binary string: C:\A\40\b\bin\amd64\_lzma.pdbNN source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474DD2000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1926992907.00007FFE1151C000.00000002.00000001.01000000.00000016.sdmp
        Source: Binary string: C:\A\40\b\bin\amd64\_lzma.pdb source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474DD2000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1926992907.00007FFE1151C000.00000002.00000001.01000000.00000016.sdmp
        Source: Binary string: C:\A\40\b\bin\amd64\select.pdb source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B47555C000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1929886408.00007FFE148E3000.00000002.00000001.01000000.0000000B.sdmp, wwndjlajmlkzqaqa.exe, 00000005.00000002.2062741667.00007FFE120C3000.00000002.00000001.01000000.00000021.sdmp
        Source: Binary string: C:\A\40\b\bin\amd64\unicodedata.pdb source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B475784000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1922260395.00007FFDFF26C000.00000002.00000001.01000000.00000014.sdmp
        Source: Binary string: D:\_w\1\b\libssl-1_1.pdb@@ source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B4751E3000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1926103118.00007FFE007F5000.00000002.00000001.01000000.0000000D.sdmp
        Source: Binary string: C:\A\40\b\bin\amd64\_socket.pdb source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474DD2000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1929670650.00007FFE13308000.00000002.00000001.01000000.0000000A.sdmp
        Source: Binary string: C:\A\40\b\bin\amd64\_ssl.pdb source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474DD2000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1928009953.00007FFE126DD000.00000002.00000001.01000000.0000000C.sdmp
        Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B475784000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1930177509.00007FFE1A461000.00000002.00000001.01000000.00000006.sdmp
        Source: Binary string: C:\A\40\b\bin\amd64\_bz2.pdb source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1927111559.00007FFE11EBD000.00000002.00000001.01000000.00000015.sdmp
        Source: Binary string: C:\A\40\b\bin\amd64\_hashlib.pdb source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1929239726.00007FFE13206000.00000002.00000001.01000000.00000010.sdmp
        Source: Binary string: X509_SIGPKCS8_encrypt_excrypto\pkcs12\p12_p8e.cPKCS8_set0_pbe_excompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC;CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specific.dllCPUINFO: crypto\initthread.cOPENSSL_ia32cap source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B475784000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1919078257.00007FFDFB2BD000.00000002.00000001.01000000.00000007.sdmp
        Source: Binary string: D:\_w\1\b\libcrypto-1_1.pdb source: wwndjlajmlkzqaqa.exe, 00000001.00000002.1917030049.00007FFDFAD71000.00000002.00000001.01000000.0000000E.sdmp
        Source: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\wwndjlajmlkzqaqa.exe, Code function: 1_2_00007FFDFAAA3229 _errno,malloc,_errno,memset,MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,free,_errno,FindFirstFileW,_errno,FindNextFileW,WideCharToMultiByte,1_2_00007FFDFAAA3229
        Source: C:\Windows\System32\cmd.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\
        Source: C:\Windows\System32\cmd.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\
        Source: C:\Windows\System32\cmd.exe, File opened: C:\Users\user\AppData\
        Source: C:\Windows\System32\cmd.exe, File opened: C:\Users\user\AppData\Roaming\
        Source: C:\Windows\System32\cmd.exe, File opened: C:\Users\user\
        Source: C:\Windows\System32\cmd.exe, File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
        Source: global traffic, TCP traffic: 192.168.2.4:49730 -> 88.218.62.219:80
        Source: unknown, TCP traffic detected without corresponding DNS query: 88.218.62.219
        Source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1913572886.0000020021A1C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://.../back.jpeg
        Source: wwndjlajmlkzqaqa.exe, 00000001.00000003.1905448271.000002002176F000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1913767156.0000020021BCC000.00000004.00001000.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1913474117.000002002176F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://88.218.61.141/add
        Source: wwndjlajmlkzqaqa.exe, 00000001.00000003.1905448271.000002002176F000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1913474117.000002002176F000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1914426367.0000020021D40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://88.218.61.141/incrementLaunches
        Source: wwndjlajmlkzqaqa.exe, 00000001.00000002.1914426367.0000020021D40000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://88.218.62.219/download
        Source: wwndjlajmlkzqaqa.exe, 00000001.00000002.1914426367.0000020021E10000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://88.218.62.219/downloadp
        Source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B4751E3000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B475165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
        Source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B47555C000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B4751E3000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B475784000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474DD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
        Source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B475165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
        Source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B4751E3000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B475165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
        Source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B47555C000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B4751E3000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B475165000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B475784000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474DD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
        Source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B47555C000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B4751E3000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B475784000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474DD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
        Source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B47555C000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B4751E3000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B475165000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B475784000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474DD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
        Source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474291000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmp, wwndjlajmlkzqaqa.exe, 00000005.00000002.2055783061.00007FF7350A2000.00000002.00000001.01000000.0000001A.sdmpString found in binary or memory: http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/
        Source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B475165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
        Source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B47555C000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B4751E3000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B475784000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474DD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
        Source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B475165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
        Source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B4751E3000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B475165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
        Source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B47555C000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B4751E3000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B475165000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B475784000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474DD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
        Source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B47555C000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B4751E3000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B475784000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474DD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
        Source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474DD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
        Source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B475165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
        Source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B4751E3000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B475165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
        Source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B4751E3000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B475165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
        Source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B47555C000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B4751E3000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B475165000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B475784000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474DD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
        Source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B475165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
        Source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B4751E3000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B475165000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
        Source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474291000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, wwndjlajmlkzqaqa.exe, 00000001.00000002.1913108671.00000200214E0000.00000004.00001000.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmp, wwndjlajmlkzqaqa.exe, 00000005.00000002.2055783061.00007FF7350A2000.00000002.00000001.01000000.0000001A.sdmpString found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
        Source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, wwndjlajmlkzqaqa.exe, 00000001.00000003.1904947897.0000020021052000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1905305044.00000200210E5000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1904858985.000002002103F000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1905259613.00000200210E1000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1905703894.00000200210E6000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1912749404.00000200210E7000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1905211542.00000200210D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/
        Source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, wwndjlajmlkzqaqa.exe, 00000001.00000003.1904947897.0000020021052000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1905569639.0000020021058000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1912683462.0000020021059000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1904858985.000002002103F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail/
        Source: wwndjlajmlkzqaqa.exe, wwndjlajmlkzqaqa.exe, 00000001.00000002.1912260909.000002001F486000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1904947897.0000020021052000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1905569639.0000020021058000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1912683462.0000020021059000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1905891645.000002001F486000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1904858985.000002002103F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
        Source: wwndjlajmlkzqaqa.exe, 00000005.00000002.2055783061.00007FF7350A2000.00000002.00000001.01000000.0000001A.sdmpString found in binary or memory: http://json.org
        Source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B47555C000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B4751E3000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B475165000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B475784000.00000004.00000020.00020000.00000000.sdmp, XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474DD2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0

        Spam, unwanted Advertisements and Ransom Demands

        Source: Yara matchFile source: Process Memory Space: wwndjlajmlkzqaqa.exe PID: 4928, type: MEMORYSTR
        Source: unicodedata.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
        Source: unicodedata.pyd.4.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
        Source: python3.dll.4.dr Static PE information: No import functions for PE file found
        Source: python3.dll.0.dr Static PE information: No import functions for PE file found
        Source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B47555C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamepython310.dll. vs XxWACzmWyB.exe
        Source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B47555C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameselect.pyd. vs XxWACzmWyB.exe
        Source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B47515A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelibcryptoH vs XxWACzmWyB.exe
        Source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B4751E3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamelibsslH vs XxWACzmWyB.exe
        Source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B4751E3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamepython3.dll. vs XxWACzmWyB.exe
        Source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_bz2.pyd. vs XxWACzmWyB.exe
        Source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_ctypes.pyd. vs XxWACzmWyB.exe
        Source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_decimal.pyd. vs XxWACzmWyB.exe
        Source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_hashlib.pyd. vs XxWACzmWyB.exe
        Source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B475784000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameunicodedata.pyd. vs XxWACzmWyB.exe
        Source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B475784000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140.dllT vs XxWACzmWyB.exe
        Source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474DD2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_lzma.pyd. vs XxWACzmWyB.exe
        Source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474DD2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_queue.pyd. vs XxWACzmWyB.exe
        Source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474DD2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_socket.pyd. vs XxWACzmWyB.exe
        Source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474DD2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_ssl.pyd. vs XxWACzmWyB.exe
        Source: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\wwndjlajmlkzqaqa.exe Section loaded: python3.dll
        Source: C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\wwndjlajmlkzqaqa.exe Section loaded: python3.dll
        Source: XxWACzmWyB.exe ReversingLabs: Detection: 40%
        Source: XxWACzmWyB.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\XxWACzmWyB.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: unknown Process created: C:\Users\user\Desktop\XxWACzmWyB.exe C:\Users\user\Desktop\XxWACzmWyB.exe
        Source: C:\Users\user\Desktop\XxWACzmWyB.exe Process created: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\wwndjlajmlkzqaqa.exe C:\Users\user\Desktop\XxWACzmWyB.exe
        Source: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\wwndjlajmlkzqaqa.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
        Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: unknown Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exe"
        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exe Process created: C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\wwndjlajmlkzqaqa.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exe"
        Source: C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\wwndjlajmlkzqaqa.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
        Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        Source: C:\Users\user\Desktop\XxWACzmWyB.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
        Source: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\wwndjlajmlkzqaqa.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exe
        Source: C:\Users\user\Desktop\XxWACzmWyB.exe File created: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594
        Source: classification engine Classification label: mal96.rans.adwa.evad.winEXE@12/51@0/1
        Source: C:\Users\user\Desktop\XxWACzmWyB.exe File read: C:\Users\desktop.ini
        Source: wwndjlajmlkzqaqa.exe Binary or memory string: Insert thousands separators into a digit string. spec is a dictionary whose keys should include 'thousands_sep' and 'grouping'; typically it's the result of parsing the format specifier using _parse_format_specifier. The min_width keyword arg
        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6240:120:WilError_03
        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1364:120:WilError_03
        Source: wwndjlajmlkzqaqa.exe String found in binary or memory: uCreate a copy of the timeout object Timeout properties are stored per-pool but each request needs a fresh Timeout object to ensure each one has its own start/stop configured. :return: a copy of the timeout object :rtype: :cla
        Source: wwndjlajmlkzqaqa.exeString found in binary or memory: | response.read() | putrequest() v v Idle Req-started-unread-response ______/| / | response.read() | | ( putheader() )* endheaders()
        Source: wwndjlajmlkzqaqa.exeString found in binary or memory: ransitions: (null) | | HTTPConnection() v Idle | | putrequest() v Request-started | | ( putheader() )* endheaders() v Request-sent |\_____________________________ |
        Source: wwndjlajmlkzqaqa.exeString found in binary or memory: v v Request-started Req-sent-unread-response | | response.read() v Request-sent This diagram presents the following rules: -
        Source: wwndjlajmlkzqaqa.exeString found in binary or memory: ------ Idle _CS_IDLE None Request-started _CS_REQ_STARTED None Request-sent _CS_REQ_SENT None Unread-response _CS_IDLE <response_class> Req-started-unread-re
        Source: wwndjlajmlkzqaqa.exeString found in binary or memory: Usage: mimetypes.py [options] type Options: --help / -h -- print this message and exit --lenient / -l -- additionally search of some common, but non-standard types. --extension / -e -- guess extension instead of
        Source: wwndjlajmlkzqaqa.exeString found in binary or memory: Fused multiply-add. Returns self*other+third with no rounding of the intermediate product self*other. self and other are multiplied together, with no rounding of the result. The third operand is then added to the result,
        Source: wwndjlajmlkzqaqa.exeString found in binary or memory: helpz#use -h/--help for command line helprB
        Source: wwndjlajmlkzqaqa.exeString found in binary or memory: for more digits precision -u/--unit: set the output time unit (nsec, usec, msec, or sec) -h/--help: print this usage message and exit --: separate options from statement, use when statement starts with - statement: statement to be timed (default 'pass
        Source: wwndjlajmlkzqaqa.exeString found in binary or memory: s.mp64. AIX ABI compatibility is described as guaranteed at: https://www.ibm.com/ support/knowledgecenter/en/ssw_aix_72/install/binary_compatability.html For pep425 purposes the AIX platform tag becomes: "aix-{:1x}{:1d}{:02d}-{:04d}-{}".format
        Source: wwndjlajmlkzqaqa.exeString found in binary or memory: - conflict_handler -- String indicating how to handle conflicts - add_help -- Add a -h/-help option - allow_abbrev -- Allow long options to be abbreviated unambiguously - exit_on_error -- Determines whether or not ArgumentParser exi
        Source: wwndjlajmlkzqaqa.exeString found in binary or memory: The name of the reverse DNS pointer for the IP address, e.g.: >>> ipaddress.ip_address("127.0.0.1").reverse_pointer '1.0.0.127.in-addr.arpa' >>> ipaddress.ip_address("2001:db8::1").reverse_pointer '1.0.0.0.0.0.0.
        Source: wwndjlajmlkzqaqa.exeString found in binary or memory: address_list = (address *("," address)) / obs-addr-list obs-addr-list = *([CFWS] ",") address *("," [address / CFWS]) We depart from the formal grammar here by continuing to parse until the end of the input, assuming the input to be entirely
        Source: XxWACzmWyB.exeStatic PE information: Image base 0x140000000 > 0x60000000
        Source: XxWACzmWyB.exeStatic file information: File size 8919552 > 1048576
        Source: XxWACzmWyB.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x854000
        Source: XxWACzmWyB.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
        Source: XxWACzmWyB.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
        Source: XxWACzmWyB.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
        Source: XxWACzmWyB.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
        Source: XxWACzmWyB.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
        Source: XxWACzmWyB.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
        Source: XxWACzmWyB.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
        Source: Binary string: crypto\stack\stack.cOPENSSL_sk_dupOPENSSL_sk_deep_copysk_reserveOPENSSL_sk_new_reserveOPENSSL_sk_reserveOPENSSL_sk_insertOPENSSL_sk_seti=%dcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC3.1.3built on: Tue Sep 19 14:31:32 2023 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availablecrypto\init.cOPENSSL_init_cryptoOPENSSL_atexitcrypto\bio\bio_lib.cBIO_new_exbio_read_internbio_write_internBIO_putsBIO_getsBIO_get_line BIO_ctrlBIO_callback_ctrlBIO_find_type source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B475784000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1919078257.00007FFDFB2BD000.00000002.00000001.01000000.00000007.sdmp
        Source: Binary string: C:\A\40\b\bin\amd64\_decimal.pdb$$ source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: C:\Users\runneradmin\AppData\Local\Temp\pip-req-build-5946imn3\src\rust\target\release\deps\cryptography_rust.pdb source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B475784000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1919078257.00007FFDFB2BD000.00000002.00000001.01000000.00000007.sdmp
        Source: Binary string: D:\_w\1\b\libssl-1_1.pdb source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B4751E3000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1926103118.00007FFE007F5000.00000002.00000001.01000000.0000000D.sdmp
        Source: Binary string: C:\A\40\b\bin\amd64\_decimal.pdb source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B475784000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1919078257.00007FFDFB2BD000.00000002.00000001.01000000.00000007.sdmp
        Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B47506D000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1917030049.00007FFDFACEF000.00000002.00000001.01000000.0000000E.sdmp
        Source: Binary string: C:\A\40\b\bin\amd64\python3.pdb source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B4751E3000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1912018127.000002001EE50000.00000002.00000001.01000000.00000008.sdmp
        Source: Binary string: C:\Users\runneradmin\AppData\Local\Temp\pip-req-build-5946imn3\src\rust\target\release\deps\cryptography_rust.pdbbP source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B475784000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1919078257.00007FFDFB2BD000.00000002.00000001.01000000.00000007.sdmp
        Source: Binary string: C:\A\40\b\bin\amd64\_ctypes.pdb source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1926778110.00007FFE10310000.00000002.00000001.01000000.00000017.sdmp
        Source: Binary string: C:\A\40\b\bin\amd64\_queue.pdb source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474DD2000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1928988511.00007FFE130C3000.00000002.00000001.01000000.00000011.sdmp
        Source: Binary string: C:\A\40\b\bin\amd64\python310.pdb source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B47555C000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1919986827.00007FFDFB783000.00000002.00000001.01000000.00000005.sdmp
        Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1n 15 Mar 2022built on: Tue Mar 15 18:32:50 2022 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B47506D000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1917030049.00007FFDFACEF000.00000002.00000001.01000000.0000000E.sdmp
        Source: Binary string: C:\A\40\b\bin\amd64\_lzma.pdbNN source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474DD2000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1926992907.00007FFE1151C000.00000002.00000001.01000000.00000016.sdmp
        Source: Binary string: C:\A\40\b\bin\amd64\_lzma.pdb source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474DD2000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1926992907.00007FFE1151C000.00000002.00000001.01000000.00000016.sdmp
        Source: Binary string: C:\A\40\b\bin\amd64\select.pdb source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B47555C000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1929886408.00007FFE148E3000.00000002.00000001.01000000.0000000B.sdmp, wwndjlajmlkzqaqa.exe, 00000005.00000002.2062741667.00007FFE120C3000.00000002.00000001.01000000.00000021.sdmp
        Source: Binary string: C:\A\40\b\bin\amd64\unicodedata.pdb source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B475784000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1922260395.00007FFDFF26C000.00000002.00000001.01000000.00000014.sdmp
        Source: Binary string: D:\_w\1\b\libssl-1_1.pdb@@ source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B4751E3000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1926103118.00007FFE007F5000.00000002.00000001.01000000.0000000D.sdmp
        Source: Binary string: C:\A\40\b\bin\amd64\_socket.pdb source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474DD2000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1929670650.00007FFE13308000.00000002.00000001.01000000.0000000A.sdmp
        Source: Binary string: C:\A\40\b\bin\amd64\_ssl.pdb source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474DD2000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1928009953.00007FFE126DD000.00000002.00000001.01000000.0000000C.sdmp
        Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B475784000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1930177509.00007FFE1A461000.00000002.00000001.01000000.00000006.sdmp
        Source: Binary string: C:\A\40\b\bin\amd64\_bz2.pdb source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1927111559.00007FFE11EBD000.00000002.00000001.01000000.00000015.sdmp
        Source: Binary string: C:\A\40\b\bin\amd64\_hashlib.pdb source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1929239726.00007FFE13206000.00000002.00000001.01000000.00000010.sdmp
        Source: Binary string: X509_SIGPKCS8_encrypt_excrypto\pkcs12\p12_p8e.cPKCS8_set0_pbe_excompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC;CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specific.dllCPUINFO: crypto\initthread.cOPENSSL_ia32cap source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B475784000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1919078257.00007FFDFB2BD000.00000002.00000001.01000000.00000007.sdmp
        Source: Binary string: D:\_w\1\b\libcrypto-1_1.pdb source: wwndjlajmlkzqaqa.exe, 00000001.00000002.1917030049.00007FFDFAD71000.00000002.00000001.01000000.0000000E.sdmp
        Source: XxWACzmWyB.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
        Source: XxWACzmWyB.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
        Source: XxWACzmWyB.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
        Source: XxWACzmWyB.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
        Source: XxWACzmWyB.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
        Source: XxWACzmWyB.exeStatic PE information: section name: _RDATA
        Source: libcrypto-1_1.dll.0.drStatic PE information: section name: .00cfg
        Source: libssl-1_1.dll.0.drStatic PE information: section name: .00cfg
        Source: python310.dll.0.drStatic PE information: section name: PyRuntim
        Source: vcruntime140.dll.0.drStatic PE information: section name: _RDATA
        Source: wwndjlajmlkzqaqa.exe.0.drStatic PE information: section name: _RDATA
        Source: XxWACzmWyB.exe.1.drStatic PE information: section name: _RDATA
        Source: wwndjlajmlkzqaqa.exe.4.drStatic PE information: section name: _RDATA
        Source: libcrypto-1_1.dll.4.drStatic PE information: section name: .00cfg
        Source: libssl-1_1.dll.4.drStatic PE information: section name: .00cfg
        Source: python310.dll.4.drStatic PE information: section name: PyRuntim
        Source: vcruntime140.dll.4.drStatic PE information: section name: _RDATA
        Source: vcruntime140.dll.0.drStatic PE information: 0xEFFF39AD [Sun Aug 4 18:57:49 2097 UTC]
        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\_lzma.pydJump to dropped file
        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\libcrypto-1_1.dllJump to dropped file
        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\zstandard\backend_c.pydJump to dropped file
        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\libffi-7.dllJump to dropped file
        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\_decimal.pydJump to dropped file
        Source: C:\Users\user\Desktop\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\libssl-1_1.dllJump to dropped file
        Source: C:\Users\user\Desktop\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\_ctypes.pydJump to dropped file
        Source: C:\Users\user\Desktop\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\wwndjlajmlkzqaqa.exeJump to dropped file
        Source: C:\Users\user\Desktop\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\python3.dllJump to dropped file
        Source: C:\Users\user\Desktop\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\select.pydJump to dropped file
        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\_bz2.pydJump to dropped file
        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\python310.dllJump to dropped file
        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\charset_normalizer\md.pydJump to dropped file
        Source: C:\Users\user\Desktop\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\_queue.pydJump to dropped file
        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\_ssl.pydJump to dropped file
        Source: C:\Users\user\Desktop\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\cryptography\hazmat\bindings\_rust.pydJump to dropped file
        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\select.pydJump to dropped file
        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\cryptography\hazmat\bindings\_rust.pydJump to dropped file
        Source: C:\Users\user\Desktop\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\_ssl.pydJump to dropped file
        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\_ctypes.pydJump to dropped file
        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\libssl-1_1.dllJump to dropped file
        Source: C:\Users\user\Desktop\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\_bz2.pydJump to dropped file
        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\charset_normalizer\md__mypyc.pydJump to dropped file
        Source: C:\Users\user\Desktop\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\zstandard\_cffi.pydJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\wwndjlajmlkzqaqa.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exeJump to dropped file
        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\zstandard\_cffi.pydJump to dropped file
        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\_hashlib.pydJump to dropped file
        Source: C:\Users\user\Desktop\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\libcrypto-1_1.dllJump to dropped file
        Source: C:\Users\user\Desktop\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\_lzma.pydJump to dropped file
        Source: C:\Users\user\Desktop\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\python310.dllJump to dropped file
        Source: C:\Users\user\Desktop\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\libffi-7.dllJump to dropped file
        Source: C:\Users\user\Desktop\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\charset_normalizer\md.pydJump to dropped file
        Source: C:\Users\user\Desktop\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\_hashlib.pydJump to dropped file
        Source: C:\Users\user\Desktop\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\_cffi_backend.pydJump to dropped file
        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\_socket.pydJump to dropped file
        Source: C:\Users\user\Desktop\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\unicodedata.pydJump to dropped file
        Source: C:\Users\user\Desktop\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\charset_normalizer\md__mypyc.pydJump to dropped file
        Source: C:\Users\user\Desktop\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\_socket.pydJump to dropped file
        Source: C:\Users\user\Desktop\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\_decimal.pydJump to dropped file
        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\wwndjlajmlkzqaqa.exeJump to dropped file
        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\_cffi_backend.pydJump to dropped file
        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\unicodedata.pydJump to dropped file
        Source: C:\Users\user\Desktop\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\vcruntime140.dllJump to dropped file
        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\vcruntime140.dllJump to dropped file
        Source: C:\Users\user\Desktop\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\zstandard\backend_c.pydJump to dropped file
        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\python3.dllJump to dropped file
        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exeFile created: C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\_queue.pydJump to dropped file

        Boot Survival

        Source: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\wwndjlajmlkzqaqa.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exeJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\wwndjlajmlkzqaqa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\wwndjlajmlkzqaqa.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
        Source: C:\Users\user\Desktop\XxWACzmWyB.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\zstandard\_cffi.pydJump to dropped file
        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\_decimal.pydJump to dropped file
        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\zstandard\_cffi.pydJump to dropped file
        Source: C:\Users\user\Desktop\XxWACzmWyB.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\_decimal.pydJump to dropped file
        Source: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\wwndjlajmlkzqaqa.exeCode function: 1_2_00007FFDFAAA32F6 rdtsc 1_2_00007FFDFAAA32F6
        Source: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\wwndjlajmlkzqaqa.exeAPI coverage: 0.2 %
        Source: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\wwndjlajmlkzqaqa.exeCode function: 1_2_00007FFDFAAA3229 _errno,malloc,_errno,memset,MultiByteToWideChar,GetLastError,MultiByteToWideChar,MultiByteToWideChar,free,_errno,FindFirstFileW,_errno,FindNextFileW,WideCharToMultiByte,1_2_00007FFDFAAA3229
        Source: C:\Users\user\Desktop\XxWACzmWyB.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
        Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Jump to behavior
        Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Jump to behavior
        Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Jump to behavior
        Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Jump to behavior
        Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\Jump to behavior
        Source: C:\Windows\System32\cmd.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Jump to behavior
        Source: XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B475784000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd
        Source: wwndjlajmlkzqaqa.exe, 00000001.00000002.1912607773.0000020020FF6000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1905026143.0000020020FF6000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

        Anti Debugging

        Source: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\wwndjlajmlkzqaqa.exeCode function: 1_2_00007FFDFAAA572C1_2_00007FFDFAAA572C
        Source: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\wwndjlajmlkzqaqa.exeCode function: 1_2_00007FFDFAAA42411_2_00007FFDFAAA4241
        Source: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\wwndjlajmlkzqaqa.exeCode function: 1_2_00007FFDFAAA5A1F IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FFDFAAA5A1F
        Source: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\wwndjlajmlkzqaqa.exeCode function: 1_2_00007FFDFAAA32F6 rdtsc 1_2_00007FFDFAAA32F6
        Source: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\wwndjlajmlkzqaqa.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\wwndjlajmlkzqaqa.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"Jump to behavior
        Source: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\wwndjlajmlkzqaqa.exe Queries volume information: C:\Users\user\Desktop VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\wwndjlajmlkzqaqa.exe Queries volume information: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594 VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\wwndjlajmlkzqaqa.exe Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\wwndjlajmlkzqaqa.exe Queries volume information: C:\Users\user\Desktop\XxWACzmWyB.exe VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\wwndjlajmlkzqaqa.exe Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exe VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\wwndjlajmlkzqaqa.exe Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\wwndjlajmlkzqaqa.exe Queries volume information: C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934 VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\wwndjlajmlkzqaqa.exe Queries volume information: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exe VolumeInformation
        Source: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\wwndjlajmlkzqaqa.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
        Source: C:\Users\user\Desktop\XxWACzmWyB.exe Code function: 0_2_00007FF60011BB48 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter
        Source: C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\wwndjlajmlkzqaqa.exe Code function: 1_2_00007FFDFAAA2B5D bind,WSAGetLastError
        Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact | Resource Development | Reconnaissance
        Valid Accounts | 2 Command and Scripting Interpreter | 12 Registry Run Keys / Startup Folder | 11 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition | |
        Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 12 Registry Run Keys / Startup Folder | 11 Process Injection | LSASS Memory | 121 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Junk Data | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout | |
        Domain Accounts | At (Linux) | Logon Script (Windows) | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 3 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data | |
        Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 1 Obfuscated Files or Information | NTDS | 14 System Information Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud | |
        Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings | |
        Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 DLL Side-Loading | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features | |
        Behavior Graph (ID: 1338491, Sample: XxWACzmWyB, Startdate: 07/11/2023, Architecture: WINDOWS, Score: 96)
        Signatures: Antivirus detection for URL or domain; Multi AV Scanner detection for dropped file; Multi AV Scanner detection for submitted file; 3 other signatures
        XxWACzmWyB.exe (started); dropped: C:\Users\user\...\wwndjlajmlkzqaqa.exe (PE32+), C:\Users\user\AppData\Local\...\backend_c.pyd (PE32+), C:\Users\user\AppData\Local\...\_cffi.pyd (PE32+), 20 other files (none is malicious)
          wwndjlajmlkzqaqa.exe (started); DNS/IP: 88.218.62.219, 80 (E-STYLEISP-ASRU, Russian Federation); dropped: C:\Users\user\AppData\...\XxWACzmWyB.exe (PE32+); signatures: Drops PE files to the startup folder; Potentially malicious time measurement code found
            cmd.exe (started)
              conhost.exe (started)
        XxWACzmWyB.exe (started); dropped: C:\Users\user\AppData\Local\...\backend_c.pyd (PE32+), C:\Users\user\AppData\Local\...\_cffi.pyd (PE32+), C:\Users\user\...\wwndjlajmlkzqaqa.exe (PE32+), 20 other files (none is malicious)
          wwndjlajmlkzqaqa.exe (started)
            cmd.exe (started)
              conhost.exe (started)

        Source | Detection | Scanner | Label | Link
        XxWACzmWyB.exe | 41% | ReversingLabs | Win64.Trojan.Midie
        Source | Detection | Scanner | Label | Link
        C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\_bz2.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\_cffi_backend.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\_ctypes.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\_decimal.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\_hashlib.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\_lzma.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\_queue.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\_socket.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\_ssl.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\charset_normalizer\md.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\charset_normalizer\md__mypyc.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\cryptography\hazmat\bindings\_rust.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\libcrypto-1_1.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\libffi-7.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\libssl-1_1.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\python3.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\python310.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\select.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\unicodedata.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\vcruntime140.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\wwndjlajmlkzqaqa.exe | 6% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\zstandard\_cffi.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\zstandard\backend_c.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\_bz2.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\_cffi_backend.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\_ctypes.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\_decimal.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\_hashlib.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\_lzma.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\_queue.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\_socket.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\_ssl.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\charset_normalizer\md.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\charset_normalizer\md__mypyc.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\cryptography\hazmat\bindings\_rust.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\libcrypto-1_1.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\libffi-7.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\libssl-1_1.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\python3.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\python310.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\select.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\unicodedata.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\vcruntime140.dll | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\wwndjlajmlkzqaqa.exe | 6% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\zstandard\_cffi.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\zstandard\backend_c.pyd | 0% | ReversingLabs
        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exe | 41% | ReversingLabs | Win64.Trojan.Midie
        No Antivirus matches
        No Antivirus matches
        Source | Detection | Scanner | Label | Link
        http://ocsp.thawte.com0 | 0% | URL Reputation | safe
        https://mahler:8092/site-updates.py | 0% | Avira URL Cloud | safe
        http://.../back.jpeg | 0% | Avira URL Cloud | safe
        http://88.218.61.141/add | 0% | Avira URL Cloud | safe
        https://getsession.org/download | 0% | Avira URL Cloud | safe
        http://88.218.62.219/download | 100% | Avira URL Cloud | malware
        http://88.218.62.219/downloadp | 0% | Avira URL Cloud | safe
        http://88.218.61.141/incrementLaunches | 100% | Avira URL Cloud | malware
        http://speleotrove.com/decimal/decarith.html | 0% | Avira URL Cloud | safe
        http://www.cl.cam.ac.uk/~mgk25/iso-time.html | 0% | Avira URL Cloud | safe
        https://google.c | 0% | Avira URL Cloud | safe
        https://www.pyopenssl.org | 0% | Avira URL Cloud | safe
        https://foss.heptapod.net/pypy/pypy/-/issues/3539 | 0% | Avira URL Cloud | safe
        https://requests.readthedocs.ioa__url__u2.31.0a__version__l1 | 0% | Avira URL Cloud | safe
        No contacted domains info
        Name | Source | Malicious | Antivirus Detection | Reputation
        http://google.com/ | XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, wwndjlajmlkzqaqa.exe, 00000001.00000003.1904947897.0000020021052000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1905305044.00000200210E5000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1904858985.000002002103F000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1905259613.00000200210E1000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1905703894.00000200210E6000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1912749404.00000200210E7000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1905211542.00000200210D8000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://mahler:8092/site-updates.py | XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474291000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1912648038.0000020021011000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1905766722.000002002100E000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1905026143.0000020020FF6000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000005.00000002.2052222748.000002B960787000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | low
        https://github.com/kjd/idna | XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmp | false | | high
        https://github.com/pyca/cryptography/issues/8996 | XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B475784000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1919078257.00007FFDFB2BD000.00000002.00000001.01000000.00000007.sdmp | false | | high
        http://.../back.jpeg | XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1913572886.0000020021A1C000.00000004.00001000.00020000.00000000.sdmp | false | Avira URL Cloud: safe | low
        http://88.218.61.141/add | wwndjlajmlkzqaqa.exe, 00000001.00000003.1905448271.000002002176F000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1913767156.0000020021BCC000.00000004.00001000.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1913474117.000002002176F000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
        https://www.python.org/download/releases/2.3/mro/. | XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474291000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1912045240.000002001F210000.00000004.00001000.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000005.00000002.2055783061.00007FF7350A2000.00000002.00000001.01000000.0000001A.sdmp | false | | high
        https://httpbin.org/post | XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1912607773.0000020020FF6000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1905026143.0000020020FF6000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000005.00000003.2044240381.000002B95EB29000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000005.00000003.2044150399.000002B95EAF9000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://github.com/Ousret/charset_normalizer | XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474291000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, wwndjlajmlkzqaqa.exe, 00000001.00000003.1904947897.000002002114F000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1912749404.000002002114F000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1905703894.000002002114F000.00000004.00000020.00020000.00000000.sdmp | false | | high
        https://github.com/urllib3/urllib3/issues/2168 | XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1912409013.000002001F710000.00000004.00001000.00020000.00000000.sdmp | false | | high
        https://github.com/urllib3/urllib3/issues/2680T | XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmp | false | | high
        https://python.org/dev/peps/pep-0263/ | XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B47555C000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1919986827.00007FFDFB783000.00000002.00000001.01000000.00000005.sdmp | false | | high
        https://github.com/urllib3/urllib3/issues/2920 | XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1912890115.00000200211B0000.00000004.00001000.00020000.00000000.sdmp | false
                            high
                            https://datatracker.ietf.org/doc/html/rfc5246#section-7.4.1.4.1XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474291000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, wwndjlajmlkzqaqa.exe, 00000001.00000002.1913108671.00000200214E0000.00000004.00001000.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1913572886.0000020021A1C000.00000004.00001000.00020000.00000000.sdmpfalse
                              high
                              https://github.com/urllib3/urllib3/issues/2680XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1912409013.000002001F710000.00000004.00001000.00020000.00000000.sdmpfalse
                                high
                                https://yahoo.com/XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, wwndjlajmlkzqaqa.exe, 00000001.00000003.1904947897.0000020021052000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1905305044.00000200210E5000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1904858985.000002002103F000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1905259613.00000200210E1000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1905703894.00000200210E6000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1912749404.00000200210E7000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1905211542.00000200210D8000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000005.00000002.2052222748.000002B960787000.00000004.00000020.00020000.00000000.sdmpfalse
                                  high
                                  https://requests.readthedocs.ioa__url__u2.31.0a__version__l1XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmpfalse
                                  • Avira URL Cloud: safe
                                  low
                                  https://tools.ietf.org/html/rfc2388#section-4.4XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1906000991.000002001EDB8000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1906248253.000002001EDF7000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1905849260.000002001ED8C000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1905805487.000002001ED7E000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1911978014.000002001EDFA000.00000004.00000020.00020000.00000000.sdmpfalse
                                    high
                                    https://github.com/urllib3/urllib3/issues/3020aNotOpenSSLWarningaOPENSSL_VERSION_INFOTXxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmpfalse
                                      high
                                      https://getsession.org/downloadwwndjlajmlkzqaqa.exe, 00000005.00000002.2053545024.000002B960D3A000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474291000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, wwndjlajmlkzqaqa.exe, 00000001.00000003.1904947897.0000020021052000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1905569639.0000020021058000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1912683462.0000020021059000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1904858985.000002002103F000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000005.00000002.2055783061.00007FF7350A2000.00000002.00000001.01000000.0000001A.sdmpfalse
                                        high
                                        http://crl.thawte.com/ThawteTimestampingCA.crl0XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B475165000.00000004.00000020.00020000.00000000.sdmpfalse
                                          high
                                          https://html.spec.whatwg.org/multipage/XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, wwndjlajmlkzqaqa.exe, 00000001.00000003.1904947897.0000020021052000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1905305044.00000200210E5000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1904858985.000002002103F000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1905259613.00000200210E1000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1905703894.00000200210E6000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1912749404.00000200210E7000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1905211542.00000200210D8000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000005.00000002.2052222748.000002B960787000.00000004.00000020.00020000.00000000.sdmpfalse
                                            high
                                            https://www.ibm.com/XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474291000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmp, wwndjlajmlkzqaqa.exe, 00000005.00000002.2055783061.00007FF7350A2000.00000002.00000001.01000000.0000001A.sdmpfalse
                                              high
                                              https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warningsXxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1912890115.00000200211B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                high
                                                https://www.pyopenssl.orgXxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmpfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                https://github.com/kjd/idnwwndjlajmlkzqaqa.exefalse
                                                  high
                                                  https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, wwndjlajmlkzqaqa.exe, 00000001.00000002.1912960511.00000200212B0000.00000004.00001000.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmpfalse
                                                    high
                                                    http://www.iana.org/time-zones/repository/tz-link.htmlXxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474291000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1912890115.00000200211B0000.00000004.00001000.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000005.00000002.2055783061.00007FF7350A2000.00000002.00000001.01000000.0000001A.sdmpfalse
                                                      high
                                                      https://requests.readthedocs.iowwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1913767156.0000020021B30000.00000004.00001000.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1905026143.0000020020FF6000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000005.00000003.2044240381.000002B95EB29000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000005.00000003.2044150399.000002B95EAF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        high
                                                        http://curl.haxx.se/rfc/cookie_spec.htmlXxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474291000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, wwndjlajmlkzqaqa.exe, 00000001.00000002.1913108671.00000200214E0000.00000004.00001000.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmp, wwndjlajmlkzqaqa.exe, 00000005.00000002.2055783061.00007FF7350A2000.00000002.00000001.01000000.0000001A.sdmpfalse
                                                          high
                                                          http://speleotrove.com/decimal/decarith.htmlXxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474291000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmp, wwndjlajmlkzqaqa.exe, 00000005.00000002.2055783061.00007FF7350A2000.00000002.00000001.01000000.0000001A.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          unknown
                                                          https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warningsdwwndjlajmlkzqaqa.exe, 00000001.00000002.1912890115.00000200211B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                            high
                                                            https://github.com/urllib3/urllib3/issues/3020XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1912409013.000002001F710000.00000004.00001000.00020000.00000000.sdmpfalse
                                                              high
                                                              http://json.orgwwndjlajmlkzqaqa.exe, 00000005.00000002.2055783061.00007FF7350A2000.00000002.00000001.01000000.0000001A.sdmpfalse
                                                                high
                                                                https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxyXxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1913035863.00000200213B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                  high
                                                                  https://httpbin.org/getwwndjlajmlkzqaqa.exe, 00000001.00000002.1912316090.000002001F4F0000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1912648038.0000020021011000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1904858985.000002002103F000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1905259613.00000200210E1000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1905703894.00000200210E6000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1912749404.00000200210E7000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1905766722.000002002100E000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1905026143.0000020020FF6000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1905211542.00000200210D8000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000005.00000002.2052222748.000002B960787000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    high
                                                                    https://www.python.orgXxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1912607773.0000020020FF6000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1905026143.0000020020FF6000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000005.00000003.2044240381.000002B95EB29000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000005.00000003.2044150399.000002B95EAF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      high
                                                                      http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474291000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmp, wwndjlajmlkzqaqa.exe, 00000005.00000002.2055783061.00007FF7350A2000.00000002.00000001.01000000.0000001A.sdmpfalse
                                                                        high
                                                                        https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warningsaInsecureRequestWarninguXxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                          high
                                                                          http://ocsp.thawte.com0XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B475165000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          unknown
                                                                          https://www.python.org/XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474291000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1912648038.0000020021011000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1905766722.000002002100E000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1905026143.0000020020FF6000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000005.00000002.2052222748.000002B960787000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://urllib3.readthedocs.io/en/latest/contrib.html#socks-proxieswwndjlajmlkzqaqa.exe, 00000001.00000002.1913572886.0000020021A1C000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                              high
                                                                              http://88.218.62.219/downloadwwndjlajmlkzqaqa.exe, 00000001.00000002.1914426367.0000020021D40000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                              • Avira URL Cloud: malware
                                                                              unknown
                                                                              https://httpbin.org/wwndjlajmlkzqaqa.exe, 00000005.00000002.2052222748.000002B960787000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                https://www.python.org/dev/peps/pep-0205/XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474291000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1912890115.00000200211B0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  https://github.com/urllib3/urllib3/issues/2168aurllib3_secure_extraaDeprecationWarninglXxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                    high
                                                                                    https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-filewwndjlajmlkzqaqa.exe, 00000001.00000002.1919078257.00007FFDFB2BD000.00000002.00000001.01000000.00000007.sdmpfalse
                                                                                      high
                                                                                      https://github.com/facebook/zstd/blob/dev/lib/zstd.h).XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                        high
                                                                                        http://www.cl.cam.ac.uk/~mgk25/iso-time.htmlXxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474291000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1912409013.000002001F710000.00000004.00001000.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000005.00000002.2055783061.00007FF7350A2000.00000002.00000001.01000000.0000001A.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        unknown
                                                                                        https://twitter.com/XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, wwndjlajmlkzqaqa.exe, 00000001.00000003.1904947897.0000020021052000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1905305044.00000200210E5000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1906228019.000002001F4ED000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1905891645.000002001F486000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1904858985.000002002103F000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1905259613.00000200210E1000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1905703894.00000200210E6000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1912749404.00000200210E7000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1905211542.00000200210D8000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000005.00000002.2052222748.000002B960787000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535wwndjlajmlkzqaqa.exe, wwndjlajmlkzqaqa.exe, 00000001.00000002.1912260909.000002001F486000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1904947897.0000020021052000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1905569639.0000020021058000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1912683462.0000020021059000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1905891645.000002001F486000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1904858985.000002002103F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            https://google.com/wwndjlajmlkzqaqa.exe, 00000005.00000002.2052222748.000002B960787000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://google.com/mail/wwndjlajmlkzqaqa.exe, 00000005.00000003.2044150399.000002B95EAF9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://google.cwwndjlajmlkzqaqa.exefalse
                                                                                                • Avira URL Cloud: safe
                                                                                                unknown
                                                                                                http://google.com/mail/XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, wwndjlajmlkzqaqa.exe, 00000001.00000003.1904947897.0000020021052000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1905569639.0000020021058000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1912683462.0000020021059000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1904858985.000002002103F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://wwwsearch.sf.net/):XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474291000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, wwndjlajmlkzqaqa.exe, 00000001.00000003.1904947897.0000020021052000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1912724855.00000200210D9000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1904858985.000002002103F000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000003.1905211542.00000200210D8000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000005.00000002.2055783061.00007FF7350A2000.00000002.00000001.01000000.0000001A.sdmpfalse
                                                                                                    high
                                                                                                    http://tools.ietf.org/html/rfc6125#section-6.4.3XxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, wwndjlajmlkzqaqa.exe, 00000001.00000002.1913108671.00000200214E0000.00000004.00001000.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                      high
                                                                                                      https://github.com/urllib3/urllib3/issuewwndjlajmlkzqaqa.exefalse
                                                                                                        high
                                                                                                        https://cffi.readthedocs.io/en/latest/using.html#callbacksXxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000002.1929454345.00007FFE1322C000.00000002.00000001.01000000.00000009.sdmpfalse
                                                                                                          high
                                                                                                          https://github.com/urllib3/urllib3/issues/2920TXxWACzmWyB.exe, 00000000.00000003.1675931122.000001B474C91000.00000004.00000020.00020000.00000000.sdmp, wwndjlajmlkzqaqa.exe, 00000001.00000000.1683495976.00007FF6B1D92000.00000002.00000001.01000000.00000004.sdmpfalse
                                                                                                            high
IP:88.218.62.219
Domain:unknown
Country:Russian Federation
ASN:20655
ASN Name:E-STYLEISP-ASRU
Malicious:false
                                                                                                                              Joe Sandbox Version:38.0.0 Ammolite
                                                                                                                              Analysis ID:1338491
                                                                                                                              Start date and time:2023-11-07 20:24:55 +01:00
                                                                                                                              Joe Sandbox Product:CloudBasic
                                                                                                                              Overall analysis duration:0h 10m 3s
                                                                                                                              Hypervisor based Inspection enabled:false
                                                                                                                              Report type:full
                                                                                                                              Cookbook file name:default.jbs
                                                                                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                              Number of analysed new started processes analysed:14
                                                                                                                              Number of new started drivers analysed:0
                                                                                                                              Number of existing processes analysed:0
                                                                                                                              Number of existing drivers analysed:0
                                                                                                                              Number of injected processes analysed:0
                                                                                                                              Technologies:
                                                                                                                              • HCA enabled
                                                                                                                              • EGA enabled
                                                                                                                              • AMSI enabled
                                                                                                                              Analysis Mode:default
                                                                                                                              Analysis stop reason:Timeout
                                                                                                                              Sample file name:XxWACzmWyB.exe
                                                                                                                              (renamed file extension from none to exe, renamed because original name is a hash value)
                                                                                                                              Original Sample Name:0e484560a909fc06b9987db73346efa0ca6750d523f2334913c23e061695f5cc
                                                                                                                              Detection:MAL
                                                                                                                              Classification:mal96.rans.adwa.evad.winEXE@12/51@0/1
                                                                                                                              EGA Information:
                                                                                                                              • Successful, ratio: 33.3%
                                                                                                                              HCA Information:Failed
                                                                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                                              • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target XxWACzmWyB.exe, PID 6672 because there are no executed functions
• Execution Graph export aborted for target XxWACzmWyB.exe, PID 7008 because there are no executed functions
• Not all processes were analyzed, report is missing behavior information
                                                                                                                              • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                              • VT rate limit hit for: XxWACzmWyB.exe
Time:19:25:49
Type:Autostart
Description:Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exe
Match:C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\_bz2.pyd
Associated Sample Name / URL:
• Filename: i2sVPK1Dnn.exe, Detection: malicious, Threat Name: Unknown
• Filename: thwit4.exe, Detection: malicious, Threat Name: Unknown
• Filename: thwit4.exe, Detection: malicious, Threat Name: Unknown
• Filename: InfinityCheatsLoader.exe, Detection: malicious, Threat Name: Unknown
• Filename: SystemManager.exe, Detection: malicious, Threat Name: Unknown
• Filename: python_stealer.exe, Detection: malicious, Threat Name: Unknown
• Filename: ChampCup.exe, Detection: malicious, Threat Name: Unknown
• Filename: ESD_Update.exe, Detection: malicious, Threat Name: Unknown
• Filename: ESD_EGGS.exe, Detection: malicious, Threat Name: Unknown
• Filename: ESD_Update.exe, Detection: malicious, Threat Name: Unknown
• Filename: ESD_EGGS.exe, Detection: malicious, Threat Name: Unknown
• Filename: ESD_EGGS.exe, Detection: malicious, Threat Name: Unknown
• Filename: ESD_Update.exe, Detection: malicious, Threat Name: Unknown
• Filename: wXEaYEE4bg.exe, Detection: malicious, Threat Name: Unknown
• Filename: RWL2nATyI8.exe, Detection: malicious, Threat Name: DCRat
• Filename: 7GV6ErInyE.exe, Detection: malicious, Threat Name: Unknown
• Filename: KaxiNt5PTT.exe, Detection: malicious, Threat Name: Unknown
Match:C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\_cffi_backend.pyd
Associated Sample Name / URL:
• Filename: Adamx_Tweaking_Utility_Version_10.04.23.exe, Detection: malicious, Threat Name: Creal Stealer
• Filename: Creal.exe, Detection: malicious, Threat Name: Creal Stealer
• Filename: ruhsat_skodafavorit_.bat, Detection: malicious, Threat Name: Creal Stealer
                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):83368
                                                                                                                                                                      Entropy (8bit):6.530099411242372
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:asRz7qNFcaO6ViD4fhaLRFc/a8kd7jzWHCxIStVs7Sywk:9RzGYYhaY9kd7jzWixIStVs+k
                                                                                                                                                                      MD5:A4B636201605067B676CC43784AE5570
                                                                                                                                                                      SHA1:E9F49D0FC75F25743D04CE23C496EB5F89E72A9A
                                                                                                                                                                      SHA-256:F178E29921C04FB68CC08B1E5D1181E5DF8CE1DE38A968778E27990F4A69973C
                                                                                                                                                                      SHA-512:02096BC36C7A9ECFA1712FE738B5EF8B78C6964E0E363136166657C153727B870A6A44C1E1EC9B81289D1AA0AF9C85F1A37B95B667103EDC2D3916280B6A9488
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: i2sVPK1Dnn.exe, Detection: malicious
• Filename: thwit4.exe, Detection: malicious
• Filename: thwit4.exe, Detection: malicious
• Filename: InfinityCheatsLoader.exe, Detection: malicious
• Filename: SystemManager.exe, Detection: malicious
• Filename: python_stealer.exe, Detection: malicious
• Filename: ChampCup.exe, Detection: malicious
• Filename: ESD_Update.exe, Detection: malicious
• Filename: ESD_EGGS.exe, Detection: malicious
• Filename: ESD_Update.exe, Detection: malicious
• Filename: ESD_EGGS.exe, Detection: malicious
• Filename: ESD_EGGS.exe, Detection: malicious
• Filename: ESD_Update.exe, Detection: malicious
• Filename: wXEaYEE4bg.exe, Detection: malicious
• Filename: RWL2nATyI8.exe, Detection: malicious
• Filename: 7GV6ErInyE.exe, Detection: malicious
• Filename: KaxiNt5PTT.exe, Detection: malicious
                                                                                                                                                                      Reputation:moderate, very likely benign file
                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):181248
                                                                                                                                                                      Entropy (8bit):6.188683787528254
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:rZ1fKD8GVLHASq0TTjfQxnkVB0hcspEsHS7iiSTLkKetJb9Pu:rZNRGVb9TTCnaZsuMXiSTLLeD9
                                                                                                                                                                      MD5:EBB660902937073EC9695CE08900B13D
                                                                                                                                                                      SHA1:881537ACEAD160E63FE6BA8F2316A2FBBB5CB311
                                                                                                                                                                      SHA-256:52E5A0C3CA9B0D4FC67243BD8492F5C305FF1653E8D956A2A3D9D36AF0A3E4FD
                                                                                                                                                                      SHA-512:19D5000EF6E473D2F533603AFE8D50891F81422C59AE03BEAD580412EC756723DC3379310E20CD0C39E9683CE7C5204791012E1B6B73996EA5CB59E8D371DE24
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: Adamx_Tweaking_Utility_Version_10.04.23.exe, Detection: malicious
• Filename: Creal.exe, Detection: malicious
• Filename: ruhsat_skodafavorit_.bat, Detection: malicious
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):122792
                                                                                                                                                                      Entropy (8bit):6.021506515932983
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:bsQx9bm+edYe3ehG+20t7MqfrSW08UficVISQPkFPR:QQxCOhGB0tgqfrSiUficrZ
                                                                                                                                                                      MD5:87596DB63925DBFE4D5F0F36394D7AB0
                                                                                                                                                                      SHA1:AD1DD48BBC078FE0A2354C28CB33F92A7E64907E
                                                                                                                                                                      SHA-256:92D7954D9099762D81C1AE2836C11B6BA58C1883FDE8EEEFE387CC93F2F6AFB4
                                                                                                                                                                      SHA-512:E6D63E6FE1C3BD79F1E39CB09B6F56589F0EE80FD4F4638002FE026752BFA65457982ADBEF13150FA2F36E68771262D9378971023E07A75D710026ED37E83D7B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):250280
                                                                                                                                                                      Entropy (8bit):6.547354352688139
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:TogRj7JKM8c7N6FiFUGMKa3xB6Dhj9qWMa3pLW1A64WsqC:tPJKa7N6FEa3x4NlbqC
                                                                                                                                                                      MD5:10F7B96C666F332EC512EDADE873EECB
                                                                                                                                                                      SHA1:4F511C030D4517552979105A8BB8CCCF3A56FCEA
                                                                                                                                                                      SHA-256:6314C99A3EFA15307E7BDBE18C0B49BC841C734F42923A0B44AAB42ED7D4A62D
                                                                                                                                                                      SHA-512:CFE5538E3BECBC3AA5540C627AF7BF13AD8F5C160B581A304D1510E0CB2876D49801DF76916DCDA6B7E0654CE145BB66D6E31BD6174524AE681D5F2B49088419
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):61864
                                                                                                                                                                      Entropy (8bit):6.210920109899827
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:aSz5iGzcowlJF+aSe3kuKUZgL4dqDswE9+B1fpIS5IHYiSyvc9eEdB:npWlJF+aYupZbdqDOgB1fpIS5IH7Sy+V
                                                                                                                                                                      MD5:49CE7A28E1C0EB65A9A583A6BA44FA3B
                                                                                                                                                                      SHA1:DCFBEE380E7D6C88128A807F381A831B6A752F10
                                                                                                                                                                      SHA-256:1BE5CFD06A782B2AE8E4629D9D035CBC487074E8F63B9773C85E317BE29C0430
                                                                                                                                                                      SHA-512:CF1F96D6D61ECB2997BB541E9EDA7082EF4A445D3DD411CE6FD71B0DFE672F4DFADDF36AE0FB7D5F6D1345FBD90C19961A8F35328332CDAA232F322C0BF9A1F9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):158120
                                                                                                                                                                      Entropy (8bit):6.838169661977938
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:MeORg8tdLRrHn5Xp4znfI9mNoY6JCvyPZxsyTxISe1KmDd:M/Rgo1L5wwYOY6MixJKR
                                                                                                                                                                      MD5:B5FBC034AD7C70A2AD1EB34D08B36CF8
                                                                                                                                                                      SHA1:4EFE3F21BE36095673D949CCEAC928E11522B29C
                                                                                                                                                                      SHA-256:80A6EBE46F43FFA93BBDBFC83E67D6F44A44055DE1439B06E4DD2983CB243DF6
                                                                                                                                                                      SHA-512:E7185DA748502B645030C96D3345D75814BA5FD95A997C2D1C923D981C44D5B90DB64FAF77DDBBDC805769AF1BEC37DAF0ECEE0930A248B67A1C2D92B59C250C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):30632
                                                                                                                                                                      Entropy (8bit):6.41055734058478
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:lez/Dt36r34krA4eVIS7UAYiSyvAEYeEdSiD:leDE34krA4eVIS7UA7Sy9YLD
                                                                                                                                                                      MD5:23F4BECF6A1DF36AEE468BB0949AC2BC
                                                                                                                                                                      SHA1:A0E027D79A281981F97343F2D0E7322B9FE9B441
                                                                                                                                                                      SHA-256:09C5FAF270FD63BDE6C45CC53B05160262C7CA47D4C37825ED3E15D479DAEE66
                                                                                                                                                                      SHA-512:3EE5B3B7583BE1408C0E1E1C885512445A7E47A69FF874508E8F0A00A66A40A0E828CE33E6F30DDC3AC518D69E4BB96C8B36011FB4EDEDF9A9630EF98A14893B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):77736
                                                                                                                                                                      Entropy (8bit):6.247935524153974
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:C6DucXZAuj19/s+S+pjtk/DDTaVISQwn7SyML:C6DPXSuj19/sT+ppk/XWVISQwneL
                                                                                                                                                                      MD5:E137DF498C120D6AC64EA1281BCAB600
                                                                                                                                                                      SHA1:B515E09868E9023D43991A05C113B2B662183CFE
                                                                                                                                                                      SHA-256:8046BF64E463D5AA38D13525891156131CF997C2E6CDF47527BC352F00F5C90A
                                                                                                                                                                      SHA-512:CC2772D282B81873AA7C5CBA5939D232CCEB6BE0908B211EDB18C25A17CBDB5072F102C0D6B7BC9B6B2F1F787B56AB1BC9BE731BB9E98885C17E26A09C2BEB90
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):159144
                                                                                                                                                                      Entropy (8bit):6.002098953253968
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:UhIDGtzShE3z/JHPUE0uev5J2oE/wu3rE923+nuI5Piev9muxISt710Y:UhIqtzShE3zhvyue5EMnuaF9mu3
                                                                                                                                                                      MD5:35F66AD429CD636BCAD858238C596828
                                                                                                                                                                      SHA1:AD4534A266F77A9CDCE7B97818531CE20364CB65
                                                                                                                                                                      SHA-256:58B772B53BFE898513C0EB264AE4FA47ED3D8F256BC8F70202356D20F9ECB6DC
                                                                                                                                                                      SHA-512:1CCA8E6C3A21A8B05CC7518BD62C4E3F57937910F2A310E00F13F60F6A94728EF2004A2F4A3D133755139C3A45B252E6DB76987B6B78BC8269A21AD5890356AD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exe
                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):281617
                                                                                                                                                                      Entropy (8bit):6.048201407322743
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:QW1H/M8fRR1mNplkXURrVADwYCuCigT/Q5MSRqNb7d8iu5f:QWN/TR8NLWURrI55MWavdF0f
                                                                                                                                                                      MD5:78D9DD608305A97773574D1C0FB10B61
                                                                                                                                                                      SHA1:9E177F31A3622AD71C3D403422C9A980E563FE32
                                                                                                                                                                      SHA-256:794D039FFDF277C047E26F2C7D58F81A5865D8A0EB7024A0FAC1164FEA4D27CF
                                                                                                                                                                      SHA-512:0C2D08747712ED227B4992F6F8F3CC21168627A79E81C6E860EE2B5F711AF7F4387D3B71B390AA70A13661FC82806CC77AF8AB1E8A8DF82AD15E29E05FA911BF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".# Serial: 4835703278459707669005204.# MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a.# SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c.# SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99.-----BEGIN CERTIFICATE-----.MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG.A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv.b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw.MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i.YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT.aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ.jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp.xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz
                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):10752
                                                                                                                                                                      Entropy (8bit):4.667245494255628
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:sFp72HzA5iJewkY0hQMsQJCUCLsZEA4elh3XQMtCFviormHcX6g8cim1qeSju1:sT2HzzjBbRYoetomcqgvimoe
                                                                                                                                                                      MD5:2069F8B2789FCF3647F9D499BC851C0E
                                                                                                                                                                      SHA1:EBAE22E22CFA7E2D83F5AFFEDCD20D4D556B503B
                                                                                                                                                                      SHA-256:A65DFD20D20B0EDE1AC22869E9567D31FE13845ADC95001691305E952C480F4D
                                                                                                                                                                      SHA-512:1D75F09C6241C9FC50D53C1664FB3FCC2AD4E8B047F3358F26266A09739FE1DF8A66EA8EE7140CD2DF6438D0F02B93ACE546EAE99A8388EA02726420A3413559
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):113664
                                                                                                                                                                      Entropy (8bit):5.8937305158443545
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:orQGTJv3qqaUlB2EsORhzkTJntQ7Q7Lg8Fkl7ZAn1kJ0F9quDpQpBlF:orQG5baUlB2vOLAJA6z89WkJ0FTpQpB
                                                                                                                                                                      MD5:16241E6837C9D16850C362DE6A26C6A1
                                                                                                                                                                      SHA1:9B80641AFB592013D7B657FA7C038845EC4F93E2
                                                                                                                                                                      SHA-256:44BE723AF3728B0BD3C482786B9356E540BAD5B648383DE6D577A8A9FC2720CB
                                                                                                                                                                      SHA-512:3F6E9DB81363DB8C432AB4CAE5E417092B67CC80596336AAFF13E9070B61C37EDF79A4B3DE24F1022795EF4693911A106B8E6C3651A2173C526EBB498E800CA8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):6642688
                                                                                                                                                                      Entropy (8bit):6.577039518750405
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:196608:WW58e0d+4d/PELa7tuWcjF8Qocmwis1J:WW58e0dbd/P6EtKjF8
                                                                                                                                                                      MD5:0617BE8F80712BFECC5B6551B0611C54
                                                                                                                                                                      SHA1:8211673695BE21AFB30ABDE8F63E6321B4E2A492
                                                                                                                                                                      SHA-256:DCB9980557FD18E59A075758236DA0D3FCD445FAE2EF990E670CC5DA1A67FC73
                                                                                                                                                                      SHA-512:2343786E5D40771D688FE5582DCA2240B8821C957F51EB7CFB63A679BD5D71A126FEE2BCD5E91FEB205117A49220610DAF302C95E245C34A0A8C6E061262C31A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3439512
                                                                                                                                                                      Entropy (8bit):6.096012359425593
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:98304:kw+jlHDGV+EafwAlViBksm1CPwDv3uFfJ1:1slHDG2fwAriXm1CPwDv3uFfJ1
                                                                                                                                                                      MD5:AB01C808BED8164133E5279595437D3D
                                                                                                                                                                      SHA1:0F512756A8DB22576EC2E20CF0CAFEC7786FB12B
                                                                                                                                                                      SHA-256:9C0A0A11629CCED6A064932E95A0158EE936739D75A56338702FED97CB0BAD55
                                                                                                                                                                      SHA-512:4043CDA02F6950ABDC47413CFD8A0BA5C462F16BCD4F339F9F5A690823F4D0916478CAB5CAE81A3D5B03A8A196E17A716B06AFEE3F92DEC3102E3BBC674774F2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):32792
                                                                                                                                                                      Entropy (8bit):6.3566777719925565
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:2nypDwZH1XYEMXvdQOsNFYzsQDELCvURDa7qscTHstU0NsICwHLZxXYIoBneEAR8:2l0Vn5Q28J8qsqMttktDxOpWDG4yKRF
                                                                                                                                                                      MD5:EEF7981412BE8EA459064D3090F4B3AA
                                                                                                                                                                      SHA1:C60DA4830CE27AFC234B3C3014C583F7F0A5A925
                                                                                                                                                                      SHA-256:F60DD9F2FCBD495674DFC1555EFFB710EB081FC7D4CAE5FA58C438AB50405081
                                                                                                                                                                      SHA-512:DC9FF4202F74A13CA9949A123DFF4C0223DA969F49E9348FEAF93DA4470F7BE82CFA1D392566EAAA836D77DDE7193FED15A8395509F72A0E9F97C66C0A096016
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):698784
                                                                                                                                                                      Entropy (8bit):5.533720236597082
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:waXWJ978LddzAPcWTWxYx2OCf2QmAr39Zu+DIpEpXKWRq0qwMUxQU2lvz:dddzAjKnD/QGXKzpwMUCU2lvz
                                                                                                                                                                      MD5:DE72697933D7673279FB85FD48D1A4DD
                                                                                                                                                                      SHA1:085FD4C6FB6D89FFCC9B2741947B74F0766FC383
                                                                                                                                                                      SHA-256:ED1C8769F5096AFD000FC730A37B11177FCF90890345071AB7FBCEAC684D571F
                                                                                                                                                                      SHA-512:0FD4678C65DA181D7C27B19056D5AB0E5DD0E9714E9606E524CDAD9E46EC4D0B35FE22D594282309F718B30E065F6896674D3EDCE6B3B0C8EB637A3680715C2C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):64936
                                                                                                                                                                      Entropy (8bit):6.1037683983631625
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:kD8LeBLeeFtp5V1BfO2yvSk70QZF1nEyjnskQkr/RFB1qucwdBeCw0myou6ZwJqL:kDwewnvtjnsfwaVISQ0a7SydEnn
                                                                                                                                                                      MD5:07BD9F1E651AD2409FD0B7D706BE6071
                                                                                                                                                                      SHA1:DFEB2221527474A681D6D8B16A5C378847C59D33
                                                                                                                                                                      SHA-256:5D78CD1365EA9AE4E95872576CFA4055342F1E80B06F3051CF91D564B6CD09F5
                                                                                                                                                                      SHA-512:DEF31D2DF95CB7999CE1F55479B2FF7A3CB70E9FC4778FC50803F688448305454FBBF82B5A75032F182DFF663A6D91D303EF72E3D2CA9F2A1B032956EC1A0E2A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4493736
                                                                                                                                                                      Entropy (8bit):6.465157771728023
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:49152:5vL1txd/8sCmiAiPw+RxtLzli0Im3wOc+28Ivu31WfbF9PtF+FNDHaSclAaBlh7y:Dw7Ad07RmodacSeSHCMTbSp4PS
                                                                                                                                                                      MD5:C80B5CB43E5FE7948C3562C1FFF1254E
                                                                                                                                                                      SHA1:F73CB1FB9445C96ECD56B984A1822E502E71AB9D
                                                                                                                                                                      SHA-256:058925E4BBFCB460A3C00EC824B8390583BAEF0C780A7C7FF01D43D9EEC45F20
                                                                                                                                                                      SHA-512:FAA97A9D5D2A0BF78123F19F8657C24921B907268938C26F79E1DF6D667F7BEE564259A3A11022E8629996406CDA9FA00434BB2B1DE3E10B9BDDC59708DBAD81
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):29096
                                                                                                                                                                      Entropy (8bit):6.4767692602677815
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:rPxHeWt+twhCBsHqF2BMXR6VIS7GuIYiSy1pCQkyw24i/8E9VFL2Ut8JU:ZeS+twhC6HqwmYVIS7GjYiSyv7VeEdH
                                                                                                                                                                      MD5:ADC412384B7E1254D11E62E451DEF8E9
                                                                                                                                                                      SHA1:04E6DFF4A65234406B9BC9D9F2DCFE8E30481829
                                                                                                                                                                      SHA-256:68B80009AB656FFE811D680585FAC3D4F9C1B45F29D48C67EA2B3580EC4D86A1
                                                                                                                                                                      SHA-512:F250F1236882668B2686BD42E1C334C60DA7ABEC3A208EBEBDEE84A74D7C4C6B1BC79EED7241BC7012E4EF70A6651A32AA00E32A83F402475B479633581E0B07
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1121192
                                                                                                                                                                      Entropy (8bit):5.384501252071814
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:bMYYMmuZ63NoQCb5Pfhnzr0ql8L8koM7IRG5eeme6VZyrIBHdQLhfFE+uz9O:AYYuXZV0m8wMMREtV6Vo4uYz9O
                                                                                                                                                                      MD5:102BBBB1F33CE7C007AAC08FE0A1A97E
                                                                                                                                                                      SHA1:9A8601BEA3E7D4C2FA6394611611CDA4FC76E219
                                                                                                                                                                      SHA-256:2CF6C5DEA30BB0584991B2065C052C22D258B6E15384447DCEA193FDCAC5F758
                                                                                                                                                                      SHA-512:A07731F314E73F7A9EA73576A89CCB8A0E55E53F9B5B82F53121B97B1814D905B17A2DA9BD2EDA9F9354FC3F15E3DEA7A613D7C9BC98C36BBA653743B24DFC32
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):98736
                                                                                                                                                                      Entropy (8bit):6.474996871326343
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:BxhUQePlHhR46rXHHGI+mAAD4AeDuXMycecb8i10DWZz:Bvk4wHH+mZD4ADAecb8G1
                                                                                                                                                                      MD5:F12681A472B9DD04A812E16096514974
                                                                                                                                                                      SHA1:6FD102EB3E0B0E6EEF08118D71F28702D1A9067C
                                                                                                                                                                      SHA-256:D66C3B47091CEB3F8D3CC165A43D285AE919211A0C0FCB74491EE574D8D464F8
                                                                                                                                                                      SHA-512:7D3ACCBF84DE73FB0C5C0DE812A9ED600D39CD7ED0F99527CA86A57CE63F48765A370E913E3A46FFC2CCD48EE07D823DAFDD157710EEF9E7CC1EB7505DC323A2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):10991616
                                                                                                                                                                      Entropy (8bit):6.400193849569252
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:98304:UXXKlrSOM6UBUZdMlPdi1c0tiJHEjad4M45rBoUBcgMtSgSc:WKxjUGZdMzQc0+Sc
                                                                                                                                                                      MD5:898AF9AC9850D8901B56A302BDB37FFC
                                                                                                                                                                      SHA1:C649DC5D423EBE011B7B69EBAB77F501484BE9F9
                                                                                                                                                                      SHA-256:DE85FAB8537B4EE714A82F181F0EBDA9FE579D3AE12AA1FD0921B0F6A1B9FDBF
                                                                                                                                                                      SHA-512:5A4E37F85D6ECC0540FE7F23C36E4AF34A22CCFF72A51C7A148AF3D84A39F9D339FC5ABC6C05872DB0D4D36B51DC955D8D26DC0274A68A65948071F2812F5142
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 6%
                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):655360
                                                                                                                                                                      Entropy (8bit):6.430047499633207
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:Lsp5LoRb+hTzSBM4mcNUYNNVNkRqHkMDpU3jT/cnLXi2Pr:YCx+hTzSBM4mc0qHkMc/cLy2Pr
                                                                                                                                                                      MD5:117E86F2144E337B04C04949DF435E8F
                                                                                                                                                                      SHA1:FFFB49BD8A50368F25C014ED725F060EAE6FF3D3
                                                                                                                                                                      SHA-256:3AE3F79F0FA25E5978937C83FA77650A6CE2AE6507D7D9DEAFD9AA19035B05E5
                                                                                                                                                                      SHA-512:2E4FC563A11805ADD9EDA9CC68F9D3F988D970D402A688C2ABEE57960F21E3988F4A6B4667F615D261A2BA34E3EE9A3FC0FC40E82604890946BDC1E543D20C6C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):525312
                                                                                                                                                                      Entropy (8bit):6.429897149640042
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:qBaAUPlVZqtHUONNQNk9jdPqfVHkBFaf++udL5yFAU8C5nBt:qBaAUPlPqtfjdPqgQ+++EAF
                                                                                                                                                                      MD5:4EC296C5608D46AFDB37048B920A676B
                                                                                                                                                                      SHA1:C94C21C9E9621940F59BCEC2F6A576A991B42A03
                                                                                                                                                                      SHA-256:A0F31C62E0C1B25857330AFA3D8C23B68D2E2B1D18FFC6D69FFB3DB481FAE40D
                                                                                                                                                                      SHA-512:7C49668BC1E9CCA2B07533AE7E1DFAC27A6C660DDB33553B0300A3946188D32E471BCAE1C1CC203388B21265BDCF04FCBFAE94C767537DCA5F3DC8D17BE34E24
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):83368
                                                                                                                                                                      Entropy (8bit):6.530099411242372
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:asRz7qNFcaO6ViD4fhaLRFc/a8kd7jzWHCxIStVs7Sywk:9RzGYYhaY9kd7jzWixIStVs+k
                                                                                                                                                                      MD5:A4B636201605067B676CC43784AE5570
                                                                                                                                                                      SHA1:E9F49D0FC75F25743D04CE23C496EB5F89E72A9A
                                                                                                                                                                      SHA-256:F178E29921C04FB68CC08B1E5D1181E5DF8CE1DE38A968778E27990F4A69973C
                                                                                                                                                                      SHA-512:02096BC36C7A9ECFA1712FE738B5EF8B78C6964E0E363136166657C153727B870A6A44C1E1EC9B81289D1AA0AF9C85F1A37B95B667103EDC2D3916280B6A9488
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):181248
                                                                                                                                                                      Entropy (8bit):6.188683787528254
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:rZ1fKD8GVLHASq0TTjfQxnkVB0hcspEsHS7iiSTLkKetJb9Pu:rZNRGVb9TTCnaZsuMXiSTLLeD9
                                                                                                                                                                      MD5:EBB660902937073EC9695CE08900B13D
                                                                                                                                                                      SHA1:881537ACEAD160E63FE6BA8F2316A2FBBB5CB311
                                                                                                                                                                      SHA-256:52E5A0C3CA9B0D4FC67243BD8492F5C305FF1653E8D956A2A3D9D36AF0A3E4FD
                                                                                                                                                                      SHA-512:19D5000EF6E473D2F533603AFE8D50891F81422C59AE03BEAD580412EC756723DC3379310E20CD0C39E9683CE7C5204791012E1B6B73996EA5CB59E8D371DE24
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):122792
                                                                                                                                                                      Entropy (8bit):6.021506515932983
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:bsQx9bm+edYe3ehG+20t7MqfrSW08UficVISQPkFPR:QQxCOhGB0tgqfrSiUficrZ
                                                                                                                                                                      MD5:87596DB63925DBFE4D5F0F36394D7AB0
                                                                                                                                                                      SHA1:AD1DD48BBC078FE0A2354C28CB33F92A7E64907E
                                                                                                                                                                      SHA-256:92D7954D9099762D81C1AE2836C11B6BA58C1883FDE8EEEFE387CC93F2F6AFB4
                                                                                                                                                                      SHA-512:E6D63E6FE1C3BD79F1E39CB09B6F56589F0EE80FD4F4638002FE026752BFA65457982ADBEF13150FA2F36E68771262D9378971023E07A75D710026ED37E83D7B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):250280
                                                                                                                                                                      Entropy (8bit):6.547354352688139
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:TogRj7JKM8c7N6FiFUGMKa3xB6Dhj9qWMa3pLW1A64WsqC:tPJKa7N6FEa3x4NlbqC
                                                                                                                                                                      MD5:10F7B96C666F332EC512EDADE873EECB
                                                                                                                                                                      SHA1:4F511C030D4517552979105A8BB8CCCF3A56FCEA
                                                                                                                                                                      SHA-256:6314C99A3EFA15307E7BDBE18C0B49BC841C734F42923A0B44AAB42ED7D4A62D
                                                                                                                                                                      SHA-512:CFE5538E3BECBC3AA5540C627AF7BF13AD8F5C160B581A304D1510E0CB2876D49801DF76916DCDA6B7E0654CE145BB66D6E31BD6174524AE681D5F2B49088419
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):61864
                                                                                                                                                                      Entropy (8bit):6.210920109899827
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:aSz5iGzcowlJF+aSe3kuKUZgL4dqDswE9+B1fpIS5IHYiSyvc9eEdB:npWlJF+aYupZbdqDOgB1fpIS5IH7Sy+V
                                                                                                                                                                      MD5:49CE7A28E1C0EB65A9A583A6BA44FA3B
                                                                                                                                                                      SHA1:DCFBEE380E7D6C88128A807F381A831B6A752F10
                                                                                                                                                                      SHA-256:1BE5CFD06A782B2AE8E4629D9D035CBC487074E8F63B9773C85E317BE29C0430
                                                                                                                                                                      SHA-512:CF1F96D6D61ECB2997BB541E9EDA7082EF4A445D3DD411CE6FD71B0DFE672F4DFADDF36AE0FB7D5F6D1345FBD90C19961A8F35328332CDAA232F322C0BF9A1F9
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):158120
                                                                                                                                                                      Entropy (8bit):6.838169661977938
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:MeORg8tdLRrHn5Xp4znfI9mNoY6JCvyPZxsyTxISe1KmDd:M/Rgo1L5wwYOY6MixJKR
                                                                                                                                                                      MD5:B5FBC034AD7C70A2AD1EB34D08B36CF8
                                                                                                                                                                      SHA1:4EFE3F21BE36095673D949CCEAC928E11522B29C
                                                                                                                                                                      SHA-256:80A6EBE46F43FFA93BBDBFC83E67D6F44A44055DE1439B06E4DD2983CB243DF6
                                                                                                                                                                      SHA-512:E7185DA748502B645030C96D3345D75814BA5FD95A997C2D1C923D981C44D5B90DB64FAF77DDBBDC805769AF1BEC37DAF0ECEE0930A248B67A1C2D92B59C250C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):30632
                                                                                                                                                                      Entropy (8bit):6.41055734058478
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:lez/Dt36r34krA4eVIS7UAYiSyvAEYeEdSiD:leDE34krA4eVIS7UA7Sy9YLD
                                                                                                                                                                      MD5:23F4BECF6A1DF36AEE468BB0949AC2BC
                                                                                                                                                                      SHA1:A0E027D79A281981F97343F2D0E7322B9FE9B441
                                                                                                                                                                      SHA-256:09C5FAF270FD63BDE6C45CC53B05160262C7CA47D4C37825ED3E15D479DAEE66
                                                                                                                                                                      SHA-512:3EE5B3B7583BE1408C0E1E1C885512445A7E47A69FF874508E8F0A00A66A40A0E828CE33E6F30DDC3AC518D69E4BB96C8B36011FB4EDEDF9A9630EF98A14893B
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):77736
                                                                                                                                                                      Entropy (8bit):6.247935524153974
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:C6DucXZAuj19/s+S+pjtk/DDTaVISQwn7SyML:C6DPXSuj19/sT+ppk/XWVISQwneL
                                                                                                                                                                      MD5:E137DF498C120D6AC64EA1281BCAB600
                                                                                                                                                                      SHA1:B515E09868E9023D43991A05C113B2B662183CFE
                                                                                                                                                                      SHA-256:8046BF64E463D5AA38D13525891156131CF997C2E6CDF47527BC352F00F5C90A
                                                                                                                                                                      SHA-512:CC2772D282B81873AA7C5CBA5939D232CCEB6BE0908B211EDB18C25A17CBDB5072F102C0D6B7BC9B6B2F1F787B56AB1BC9BE731BB9E98885C17E26A09C2BEB90
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):159144
                                                                                                                                                                      Entropy (8bit):6.002098953253968
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:3072:UhIDGtzShE3z/JHPUE0uev5J2oE/wu3rE923+nuI5Piev9muxISt710Y:UhIqtzShE3zhvyue5EMnuaF9mu3
                                                                                                                                                                      MD5:35F66AD429CD636BCAD858238C596828
                                                                                                                                                                      SHA1:AD4534A266F77A9CDCE7B97818531CE20364CB65
                                                                                                                                                                      SHA-256:58B772B53BFE898513C0EB264AE4FA47ED3D8F256BC8F70202356D20F9ECB6DC
                                                                                                                                                                      SHA-512:1CCA8E6C3A21A8B05CC7518BD62C4E3F57937910F2A310E00F13F60F6A94728EF2004A2F4A3D133755139C3A45B252E6DB76987B6B78BC8269A21AD5890356AD
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\XxWACzmWyB.exe
                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):281617
                                                                                                                                                                      Entropy (8bit):6.048201407322743
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6144:QW1H/M8fRR1mNplkXURrVADwYCuCigT/Q5MSRqNb7d8iu5f:QWN/TR8NLWURrI55MWavdF0f
                                                                                                                                                                      MD5:78D9DD608305A97773574D1C0FB10B61
                                                                                                                                                                      SHA1:9E177F31A3622AD71C3D403422C9A980E563FE32
                                                                                                                                                                      SHA-256:794D039FFDF277C047E26F2C7D58F81A5865D8A0EB7024A0FAC1164FEA4D27CF
                                                                                                                                                                      SHA-512:0C2D08747712ED227B4992F6F8F3CC21168627A79E81C6E860EE2B5F711AF7F4387D3B71B390AA70A13661FC82806CC77AF8AB1E8A8DF82AD15E29E05FA911BF
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Process:C:\Users\user\Desktop\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):10752
                                                                                                                                                                      Entropy (8bit):4.667245494255628
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:96:sFp72HzA5iJewkY0hQMsQJCUCLsZEA4elh3XQMtCFviormHcX6g8cim1qeSju1:sT2HzzjBbRYoetomcqgvimoe
                                                                                                                                                                      MD5:2069F8B2789FCF3647F9D499BC851C0E
                                                                                                                                                                      SHA1:EBAE22E22CFA7E2D83F5AFFEDCD20D4D556B503B
                                                                                                                                                                      SHA-256:A65DFD20D20B0EDE1AC22869E9567D31FE13845ADC95001691305E952C480F4D
                                                                                                                                                                      SHA-512:1D75F09C6241C9FC50D53C1664FB3FCC2AD4E8B047F3358F26266A09739FE1DF8A66EA8EE7140CD2DF6438D0F02B93ACE546EAE99A8388EA02726420A3413559
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):113664
                                                                                                                                                                      Entropy (8bit):5.8937305158443545
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:orQGTJv3qqaUlB2EsORhzkTJntQ7Q7Lg8Fkl7ZAn1kJ0F9quDpQpBlF:orQG5baUlB2vOLAJA6z89WkJ0FTpQpB
                                                                                                                                                                      MD5:16241E6837C9D16850C362DE6A26C6A1
                                                                                                                                                                      SHA1:9B80641AFB592013D7B657FA7C038845EC4F93E2
                                                                                                                                                                      SHA-256:44BE723AF3728B0BD3C482786B9356E540BAD5B648383DE6D577A8A9FC2720CB
                                                                                                                                                                      SHA-512:3F6E9DB81363DB8C432AB4CAE5E417092B67CC80596336AAFF13E9070B61C37EDF79A4B3DE24F1022795EF4693911A106B8E6C3651A2173C526EBB498E800CA8
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):6642688
                                                                                                                                                                      Entropy (8bit):6.577039518750405
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:196608:WW58e0d+4d/PELa7tuWcjF8Qocmwis1J:WW58e0dbd/P6EtKjF8
                                                                                                                                                                      MD5:0617BE8F80712BFECC5B6551B0611C54
                                                                                                                                                                      SHA1:8211673695BE21AFB30ABDE8F63E6321B4E2A492
                                                                                                                                                                      SHA-256:DCB9980557FD18E59A075758236DA0D3FCD445FAE2EF990E670CC5DA1A67FC73
                                                                                                                                                                      SHA-512:2343786E5D40771D688FE5582DCA2240B8821C957F51EB7CFB63A679BD5D71A126FEE2BCD5E91FEB205117A49220610DAF302C95E245C34A0A8C6E061262C31A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):3439512
                                                                                                                                                                      Entropy (8bit):6.096012359425593
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:98304:kw+jlHDGV+EafwAlViBksm1CPwDv3uFfJ1:1slHDG2fwAriXm1CPwDv3uFfJ1
                                                                                                                                                                      MD5:AB01C808BED8164133E5279595437D3D
                                                                                                                                                                      SHA1:0F512756A8DB22576EC2E20CF0CAFEC7786FB12B
                                                                                                                                                                      SHA-256:9C0A0A11629CCED6A064932E95A0158EE936739D75A56338702FED97CB0BAD55
                                                                                                                                                                      SHA-512:4043CDA02F6950ABDC47413CFD8A0BA5C462F16BCD4F339F9F5A690823F4D0916478CAB5CAE81A3D5B03A8A196E17A716B06AFEE3F92DEC3102E3BBC674774F2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):32792
                                                                                                                                                                      Entropy (8bit):6.3566777719925565
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:2nypDwZH1XYEMXvdQOsNFYzsQDELCvURDa7qscTHstU0NsICwHLZxXYIoBneEAR8:2l0Vn5Q28J8qsqMttktDxOpWDG4yKRF
                                                                                                                                                                      MD5:EEF7981412BE8EA459064D3090F4B3AA
                                                                                                                                                                      SHA1:C60DA4830CE27AFC234B3C3014C583F7F0A5A925
                                                                                                                                                                      SHA-256:F60DD9F2FCBD495674DFC1555EFFB710EB081FC7D4CAE5FA58C438AB50405081
                                                                                                                                                                      SHA-512:DC9FF4202F74A13CA9949A123DFF4C0223DA969F49E9348FEAF93DA4470F7BE82CFA1D392566EAAA836D77DDE7193FED15A8395509F72A0E9F97C66C0A096016
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):698784
                                                                                                                                                                      Entropy (8bit):5.533720236597082
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:waXWJ978LddzAPcWTWxYx2OCf2QmAr39Zu+DIpEpXKWRq0qwMUxQU2lvz:dddzAjKnD/QGXKzpwMUCU2lvz
                                                                                                                                                                      MD5:DE72697933D7673279FB85FD48D1A4DD
                                                                                                                                                                      SHA1:085FD4C6FB6D89FFCC9B2741947B74F0766FC383
                                                                                                                                                                      SHA-256:ED1C8769F5096AFD000FC730A37B11177FCF90890345071AB7FBCEAC684D571F
                                                                                                                                                                      SHA-512:0FD4678C65DA181D7C27B19056D5AB0E5DD0E9714E9606E524CDAD9E46EC4D0B35FE22D594282309F718B30E065F6896674D3EDCE6B3B0C8EB637A3680715C2C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):64936
                                                                                                                                                                      Entropy (8bit):6.1037683983631625
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:768:kD8LeBLeeFtp5V1BfO2yvSk70QZF1nEyjnskQkr/RFB1qucwdBeCw0myou6ZwJqL:kDwewnvtjnsfwaVISQ0a7SydEnn
                                                                                                                                                                      MD5:07BD9F1E651AD2409FD0B7D706BE6071
                                                                                                                                                                      SHA1:DFEB2221527474A681D6D8B16A5C378847C59D33
                                                                                                                                                                      SHA-256:5D78CD1365EA9AE4E95872576CFA4055342F1E80B06F3051CF91D564B6CD09F5
                                                                                                                                                                      SHA-512:DEF31D2DF95CB7999CE1F55479B2FF7A3CB70E9FC4778FC50803F688448305454FBBF82B5A75032F182DFF663A6D91D303EF72E3D2CA9F2A1B032956EC1A0E2A
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):4493736
                                                                                                                                                                      Entropy (8bit):6.465157771728023
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:49152:5vL1txd/8sCmiAiPw+RxtLzli0Im3wOc+28Ivu31WfbF9PtF+FNDHaSclAaBlh7y:Dw7Ad07RmodacSeSHCMTbSp4PS
                                                                                                                                                                      MD5:C80B5CB43E5FE7948C3562C1FFF1254E
                                                                                                                                                                      SHA1:F73CB1FB9445C96ECD56B984A1822E502E71AB9D
                                                                                                                                                                      SHA-256:058925E4BBFCB460A3C00EC824B8390583BAEF0C780A7C7FF01D43D9EEC45F20
                                                                                                                                                                      SHA-512:FAA97A9D5D2A0BF78123F19F8657C24921B907268938C26F79E1DF6D667F7BEE564259A3A11022E8629996406CDA9FA00434BB2B1DE3E10B9BDDC59708DBAD81
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):29096
                                                                                                                                                                      Entropy (8bit):6.4767692602677815
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:384:rPxHeWt+twhCBsHqF2BMXR6VIS7GuIYiSy1pCQkyw24i/8E9VFL2Ut8JU:ZeS+twhC6HqwmYVIS7GjYiSyv7VeEdH
                                                                                                                                                                      MD5:ADC412384B7E1254D11E62E451DEF8E9
                                                                                                                                                                      SHA1:04E6DFF4A65234406B9BC9D9F2DCFE8E30481829
                                                                                                                                                                      SHA-256:68B80009AB656FFE811D680585FAC3D4F9C1B45F29D48C67EA2B3580EC4D86A1
                                                                                                                                                                      SHA-512:F250F1236882668B2686BD42E1C334C60DA7ABEC3A208EBEBDEE84A74D7C4C6B1BC79EED7241BC7012E4EF70A6651A32AA00E32A83F402475B479633581E0B07
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):1121192
                                                                                                                                                                      Entropy (8bit):5.384501252071814
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:bMYYMmuZ63NoQCb5Pfhnzr0ql8L8koM7IRG5eeme6VZyrIBHdQLhfFE+uz9O:AYYuXZV0m8wMMREtV6Vo4uYz9O
                                                                                                                                                                      MD5:102BBBB1F33CE7C007AAC08FE0A1A97E
                                                                                                                                                                      SHA1:9A8601BEA3E7D4C2FA6394611611CDA4FC76E219
                                                                                                                                                                      SHA-256:2CF6C5DEA30BB0584991B2065C052C22D258B6E15384447DCEA193FDCAC5F758
                                                                                                                                                                      SHA-512:A07731F314E73F7A9EA73576A89CCB8A0E55E53F9B5B82F53121B97B1814D905B17A2DA9BD2EDA9F9354FC3F15E3DEA7A613D7C9BC98C36BBA653743B24DFC32
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):98736
                                                                                                                                                                      Entropy (8bit):6.474996871326343
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:1536:BxhUQePlHhR46rXHHGI+mAAD4AeDuXMycecb8i10DWZz:Bvk4wHH+mZD4ADAecb8G1
                                                                                                                                                                      MD5:F12681A472B9DD04A812E16096514974
                                                                                                                                                                      SHA1:6FD102EB3E0B0E6EEF08118D71F28702D1A9067C
                                                                                                                                                                      SHA-256:D66C3B47091CEB3F8D3CC165A43D285AE919211A0C0FCB74491EE574D8D464F8
                                                                                                                                                                      SHA-512:7D3ACCBF84DE73FB0C5C0DE812A9ED600D39CD7ED0F99527CA86A57CE63F48765A370E913E3A46FFC2CCD48EE07D823DAFDD157710EEF9E7CC1EB7505DC323A2
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):10991616
                                                                                                                                                                      Entropy (8bit):6.400193849569252
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:98304:UXXKlrSOM6UBUZdMlPdi1c0tiJHEjad4M45rBoUBcgMtSgSc:WKxjUGZdMzQc0+Sc
                                                                                                                                                                      MD5:898AF9AC9850D8901B56A302BDB37FFC
                                                                                                                                                                      SHA1:C649DC5D423EBE011B7B69EBAB77F501484BE9F9
                                                                                                                                                                      SHA-256:DE85FAB8537B4EE714A82F181F0EBDA9FE579D3AE12AA1FD0921B0F6A1B9FDBF
                                                                                                                                                                      SHA-512:5A4E37F85D6ECC0540FE7F23C36E4AF34A22CCFF72A51C7A148AF3D84A39F9D339FC5ABC6C05872DB0D4D36B51DC955D8D26DC0274A68A65948071F2812F5142
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 6%
                                                                                                                                                                      Process:C:\Users\user\Desktop\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):655360
                                                                                                                                                                      Entropy (8bit):6.430047499633207
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:Lsp5LoRb+hTzSBM4mcNUYNNVNkRqHkMDpU3jT/cnLXi2Pr:YCx+hTzSBM4mc0qHkMc/cLy2Pr
                                                                                                                                                                      MD5:117E86F2144E337B04C04949DF435E8F
                                                                                                                                                                      SHA1:FFFB49BD8A50368F25C014ED725F060EAE6FF3D3
                                                                                                                                                                      SHA-256:3AE3F79F0FA25E5978937C83FA77650A6CE2AE6507D7D9DEAFD9AA19035B05E5
                                                                                                                                                                      SHA-512:2E4FC563A11805ADD9EDA9CC68F9D3F988D970D402A688C2ABEE57960F21E3988F4A6B4667F615D261A2BA34E3EE9A3FC0FC40E82604890946BDC1E543D20C6C
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\Desktop\XxWACzmWyB.exe
                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):525312
                                                                                                                                                                      Entropy (8bit):6.429897149640042
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:12288:qBaAUPlVZqtHUONNQNk9jdPqfVHkBFaf++udL5yFAU8C5nBt:qBaAUPlPqtfjdPqgQ+++EAF
                                                                                                                                                                      MD5:4EC296C5608D46AFDB37048B920A676B
                                                                                                                                                                      SHA1:C94C21C9E9621940F59BCEC2F6A576A991B42A03
                                                                                                                                                                      SHA-256:A0F31C62E0C1B25857330AFA3D8C23B68D2E2B1D18FFC6D69FFB3DB481FAE40D
                                                                                                                                                                      SHA-512:7C49668BC1E9CCA2B07533AE7E1DFAC27A6C660DDB33553B0300A3946188D32E471BCAE1C1CC203388B21265BDCF04FCBFAE94C767537DCA5F3DC8D17BE34E24
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\wwndjlajmlkzqaqa.exe
                                                                                                                                                                      File Type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):8919552
                                                                                                                                                                      Entropy (8bit):7.994472931437236
                                                                                                                                                                      Encrypted:true
                                                                                                                                                                      SSDEEP:196608:syIv9FOPLctRby0WNMED3MtJL68WE4E3ocwB:T6vbOhiEDAUhB
                                                                                                                                                                      MD5:DFB5E2963E9BC48C904F4AC5978FE9EA
                                                                                                                                                                      SHA1:AA02AFF8E6722E6E3733B8C884BC838360F08CCF
                                                                                                                                                                      SHA-256:0E484560A909FC06B9987DB73346EFA0CA6750D523F2334913C23E061695F5CC
                                                                                                                                                                      SHA-512:65ED79179FD20DEF0C7997689DABB03B3276917A78572990A508D69431938337D545D452869C9549911137B1CB0FFAC031916CE88DC72B768B0503BB8D645FDE
                                                                                                                                                                      Malicious:true
                                                                                                                                                                      Antivirus:
                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 41%
                                                                                                                                                                      Process:C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\wwndjlajmlkzqaqa.exe
                                                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                      Category:dropped
                                                                                                                                                                      Size (bytes):302
                                                                                                                                                                      Entropy (8bit):4.979142325140462
                                                                                                                                                                      Encrypted:false
                                                                                                                                                                      SSDEEP:6:C8/zFYUYfc2t4gZVh9aKWRkKbSkGxxrlCWrEjzLQ9JLjt3by:H/BYVcjuAb+RCW6LQXdby
                                                                                                                                                                      MD5:C45DEC33B54EE3A5D24359B10A6BB1A5
                                                                                                                                                                      SHA1:B116F33F378EC7B5AAB3B349C44F109ED0C687DB
                                                                                                                                                                      SHA-256:068E37132337D3FFE000B033EB8C93B9CE752EE0E76A7D5B1085B4C804E28BA4
                                                                                                                                                                      SHA-512:EDFA77352CF8F96B4F78253D1D10C07B45F7602AB7D088B0476F50C629F559E78C26A1C40A34FF6EF8D8D0196732FCA79E98210FB8BDA312ECA541CACC773098
                                                                                                                                                                      Malicious:false
                                                                                                                                                                      Preview:An error occurred while executing the script: HTTPConnectionPool(host='88.218.62.219', port=80): Max retries exceeded with url: /download (Caused by ConnectTimeoutError(<urllib3.connection.HTTPConnection object at 0x000002B9613FBA00>, 'Connection to 88.218.62.219 timed out. (connect timeout=None)'))..
                                                                                                                                                                      File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                      Entropy (8bit):7.994472931437236
                                                                                                                                                                      TrID:
                                                                                                                                                                      • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                      • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                      • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                      File name:XxWACzmWyB.exe
                                                                                                                                                                      File size:8'919'552 bytes
                                                                                                                                                                      MD5:dfb5e2963e9bc48c904f4ac5978fe9ea
                                                                                                                                                                      SHA1:aa02aff8e6722e6e3733b8c884bc838360f08ccf
                                                                                                                                                                      SHA256:0e484560a909fc06b9987db73346efa0ca6750d523f2334913c23e061695f5cc
                                                                                                                                                                      SHA512:65ed79179fd20def0c7997689dabb03b3276917a78572990a508d69431938337d545d452869c9549911137b1cb0ffac031916ce88dc72b768b0503bb8d645fde
                                                                                                                                                                      SSDEEP:196608:syIv9FOPLctRby0WNMED3MtJL68WE4E3ocwB:T6vbOhiEDAUhB
                                                                                                                                                                      TLSH:1C963343778205E4D3BB64BA98F52746E675F93B0B43D2AB01A013B1FE73A419E2B315
                                                                                                                                                                      Icon Hash:90cececece8e8eb0
                                                                                                                                                                      Entrypoint:0x14000b8e4
                                                                                                                                                                      Entrypoint Section:.text
                                                                                                                                                                      Digitally signed:false
                                                                                                                                                                      Imagebase:0x140000000
                                                                                                                                                                      Subsystem:windows gui
                                                                                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                      DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                      Time Stamp:0x6532638B [Fri Oct 20 11:24:59 2023 UTC]
                                                                                                                                                                      TLS Callbacks:
                                                                                                                                                                      CLR (.Net) Version:
                                                                                                                                                                      OS Version Major:6
                                                                                                                                                                      OS Version Minor:0
                                                                                                                                                                      File Version Major:6
                                                                                                                                                                      File Version Minor:0
                                                                                                                                                                      Subsystem Version Major:6
                                                                                                                                                                      Subsystem Version Minor:0
                                                                                                                                                                      Import Hash:92f408e283821e9865fe3074af091a34
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2b61c | 0x3c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x40000 | 0x853fb8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x3d000 | 0x174c | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x894000 | 0x688 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x29670 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x29530 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x20000 | 0x2c8 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x1e730 | 0x1e800 | False | 0.5697281634221312 | data | 6.513608143079931 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x20000 | 0xbf7e | 0xc000 | False | 0.45867919921875 | data | 4.966731128259658 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x2c000 | 0x10e20 | 0xc00 | False | 0.13834635416666666 | data | 1.9384623987279317 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x3d000 | 0x174c | 0x1800 | False | 0.4749348958333333 | PEX Binary Archive | 5.218457756903496 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA | 0x3f000 | 0x15c | 0x200 | False | 0.38671875 | data | 2.788361231939953 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x40000 | 0x853fb8 | 0x854000 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x894000 | 0x688 | 0x800 | False | 0.5087890625 | data | 4.928541628284449 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_RCDATA | 0x400a0 | 0x853bd8 | data | | | 1.0003080368041992
RT_MANIFEST | 0x893c78 | 0x33d | ASCII text, with very long lines (829), with no line terminators | | | 0.4873341375150784
DLL | Import
SHELL32.dll | SHFileOperationW, SHGetFolderPathW
KERNEL32.dll | DeleteCriticalSection, WriteConsoleW, CreateDirectoryW, SetConsoleCtrlHandler, GetCommandLineW, WriteFile, TerminateProcess, GetModuleFileNameW, GetTempPathW, FindResourceA, WaitForSingleObject, CreateFileW, GetFileAttributesW, Sleep, GetLastError, LockResource, CloseHandle, LoadResource, GetProcAddress, SetEnvironmentVariableA, GetCurrentProcessId, CreateProcessW, WideCharToMultiByte, GetSystemTimeAsFileTime, FormatMessageA, GetExitCodeProcess, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentThreadId, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, GetModuleHandleW, HeapReAlloc, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, EncodePointer, RaiseException, RtlPcToFileHeader, ExitProcess, GetModuleHandleExW, GetCommandLineA, GetStdHandle, HeapAlloc, MultiByteToWideChar, HeapFree, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, LCMapStringW, GetFileType, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetStdHandle, GetStringTypeW, GetProcessHeap, FlushFileBuffers, GetConsoleOutputCP, GetConsoleMode, GetFileSizeEx, SetFilePointerEx, HeapSize
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 7, 2023 20:25:49.113430977 CET | 49730 | 80 | 192.168.2.4 | 88.218.62.219
Nov 7, 2023 20:25:50.115514994 CET | 49730 | 80 | 192.168.2.4 | 88.218.62.219
Nov 7, 2023 20:25:52.131088018 CET | 49730 | 80 | 192.168.2.4 | 88.218.62.219
Nov 7, 2023 20:25:56.146815062 CET | 49730 | 80 | 192.168.2.4 | 88.218.62.219
Nov 7, 2023 20:26:02.936595917 CET | 49732 | 80 | 192.168.2.4 | 88.218.62.219
Nov 7, 2023 20:26:03.943582058 CET | 49732 | 80 | 192.168.2.4 | 88.218.62.219
Nov 7, 2023 20:26:04.162309885 CET | 49730 | 80 | 192.168.2.4 | 88.218.62.219
Nov 7, 2023 20:26:05.959333897 CET | 49732 | 80 | 192.168.2.4 | 88.218.62.219
Nov 7, 2023 20:26:09.974826097 CET | 49732 | 80 | 192.168.2.4 | 88.218.62.219
Nov 7, 2023 20:26:17.990437984 CET | 49732 | 80 | 192.168.2.4 | 88.218.62.219

                                                                                                                                                                      Target ID:0
                                                                                                                                                                      Start time:20:25:44
                                                                                                                                                                      Start date:07/11/2023
                                                                                                                                                                      Path:C:\Users\user\Desktop\XxWACzmWyB.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Users\user\Desktop\XxWACzmWyB.exe
                                                                                                                                                                      Imagebase:0x7ff600110000
                                                                                                                                                                      File size:8'919'552 bytes
                                                                                                                                                                      MD5 hash:DFB5E2963E9BC48C904F4AC5978FE9EA
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:1
                                                                                                                                                                      Start time:20:25:47
                                                                                                                                                                      Start date:07/11/2023
                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\onefile_7008_133438587444077594\wwndjlajmlkzqaqa.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Users\user\Desktop\XxWACzmWyB.exe
                                                                                                                                                                      Imagebase:0x7ff6b17a0000
                                                                                                                                                                      File size:10'991'616 bytes
                                                                                                                                                                      MD5 hash:898AF9AC9850D8901B56A302BDB37FFC
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Antivirus matches:
                                                                                                                                                                      • Detection: 6%, ReversingLabs
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:2
                                                                                                                                                                      Start time:20:25:47
                                                                                                                                                                      Start date:07/11/2023
                                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /c "ver"
                                                                                                                                                                      Imagebase:0x7ff7662a0000
                                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:high
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:3
                                                                                                                                                                      Start time:20:25:47
                                                                                                                                                                      Start date:07/11/2023
                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                      Imagebase:0x7ff7699e0000
                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:high
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:4
                                                                                                                                                                      Start time:20:25:57
                                                                                                                                                                      Start date:07/11/2023
                                                                                                                                                                      Path:C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exe"
                                                                                                                                                                      Imagebase:0x7ff72f1a0000
                                                                                                                                                                      File size:8'919'552 bytes
                                                                                                                                                                      MD5 hash:DFB5E2963E9BC48C904F4AC5978FE9EA
                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Antivirus matches:
                                                                                                                                                                      • Detection: 41%, ReversingLabs
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:5
                                                                                                                                                                      Start time:20:26:00
                                                                                                                                                                      Start date:07/11/2023
                                                                                                                                                                      Path:C:\Users\user\AppData\Local\Temp\onefile_6672_133438587578007934\wwndjlajmlkzqaqa.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XxWACzmWyB.exe"
                                                                                                                                                                      Imagebase:0x7ff734ab0000
                                                                                                                                                                      File size:10'991'616 bytes
                                                                                                                                                                      MD5 hash:898AF9AC9850D8901B56A302BDB37FFC
                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Antivirus matches:
                                                                                                                                                                      • Detection: 6%, ReversingLabs
                                                                                                                                                                      Reputation:low
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:7
                                                                                                                                                                      Start time:20:26:01
                                                                                                                                                                      Start date:07/11/2023
                                                                                                                                                                      Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /c "ver"
                                                                                                                                                                      Imagebase:0x7ff7662a0000
                                                                                                                                                                      File size:289'792 bytes
                                                                                                                                                                      MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:high
                                                                                                                                                                      Has exited:true

                                                                                                                                                                      Target ID:8
                                                                                                                                                                      Start time:20:26:01
                                                                                                                                                                      Start date:07/11/2023
                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                      Imagebase:0x9a0000
                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                      Has elevated privileges:false
                                                                                                                                                                      Has administrator privileges:false
                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                      Reputation:high
                                                                                                                                                                      Has exited:true

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000000.00000002.1936135807.00007FF600111000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF600110000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff600110000_XxWACzmWyB.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2933794660-0
                                                                                                                                                                        • Opcode ID: 015d8f8df3734927533f18fda09b55c5bd130b200fb83a53c341d3f3889cf401
                                                                                                                                                                        • Instruction ID: e7dde781d291dcaacc5f858935ac5ac2222ec3ee6396196b096728fcd52f3d4d
                                                                                                                                                                        • Opcode Fuzzy Hash: 015d8f8df3734927533f18fda09b55c5bd130b200fb83a53c341d3f3889cf401
                                                                                                                                                                        • Instruction Fuzzy Hash: AA115226B18F059AEB00CFA0E8552B833A4FB1D758F540E31EA6D867A8DF7CD198C340
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Execution Graph

                                                                                                                                                                        Execution Coverage:0%
                                                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                        Signature Coverage:0%
                                                                                                                                                                        Total number of Nodes:3
                                                                                                                                                                        Total number of Limit Nodes:0
                                                                                                                                                                        execution_graph 62975 7ffdfaaa2b53 62976 7ffdfac99380 62975->62976 62977 7ffdfac9938a TlsFree 62976->62977

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        control_flow_graph 0 7ffdfaaa2b53-7ffdfac993a2 call 7ffdfaaa1ef1 TlsFree
                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Free
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3978063606-0
                                                                                                                                                                        • Opcode ID: 3eb066bf7efa447baa5fe8b530e2b80a5a952096b54138a78afdc5623d2e6ae2
                                                                                                                                                                        • Instruction ID: 9aa79b2bf5573955cac974580db9c40753e485f8c5a9ee0bd2d6d64508cf56a6
                                                                                                                                                                        • Opcode Fuzzy Hash: 3eb066bf7efa447baa5fe8b530e2b80a5a952096b54138a78afdc5623d2e6ae2
                                                                                                                                                                        • Instruction Fuzzy Hash: 23C01229F0600297E70C673D8C7657D11945F48310F9040B4E01EC67D4DD0C98598740
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        • Executed
                                                                                                                                                                        • Not Executed
                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAB3D000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: strspn$strncmp$strcspn
                                                                                                                                                                        • String ID: $ $ ,$..\s\crypto\pem\pem_lib.c$DEK-Info:$ENCRYPTED$Expecting: $Proc-Type:
                                                                                                                                                                        • API String ID: 232339659-387852012
                                                                                                                                                                        • Opcode ID: e6754e586b77dd0458ff17a4a43a8a528c66be4792a71cdc3a930bb46af95bcc
                                                                                                                                                                        • Instruction ID: 8ba992dd791d9518bddfe37ad167739513df9bf5ddfa0ccde6a6777b4b2ef977
                                                                                                                                                                        • Opcode Fuzzy Hash: e6754e586b77dd0458ff17a4a43a8a528c66be4792a71cdc3a930bb46af95bcc
                                                                                                                                                                        • Instruction Fuzzy Hash: B8F16D65B08A4389F718CB61D860ABD33A2AB45788F4040B5DE6D5BBD9EF3CE51AC740
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAB3D000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: %-18s$%02X$%5ld:$(unknown)$:%u$:BAD BOOLEAN$:BAD ENUMERATED$:BAD INTEGER$:BAD OBJECT$<ASN1 %d>$BAD RECURSION DEPTH$Error in encoding$[HEX DUMP]:$appl [ %d ]$cons: $cont [ %d ]$d=%-2d hl=%ld l=%4ld $d=%-2d hl=%ld l=inf $length is greater than %ld$prim: $priv [ %d ]
                                                                                                                                                                        • API String ID: 0-3715720851
                                                                                                                                                                        • Opcode ID: 69eba2a1e52a0edf96a071fc9078b97c4800dc563510518807d1d8f750daea46
                                                                                                                                                                        • Instruction ID: eb06ae3481bfaf63bcea1d81554d24e9feb162c2afa1f7ef661abfb173fb2955
                                                                                                                                                                        • Opcode Fuzzy Hash: 69eba2a1e52a0edf96a071fc9078b97c4800dc563510518807d1d8f750daea46
                                                                                                                                                                        • Instruction Fuzzy Hash: 95528F32B086838EE7289B16E460A7AB7A0FF55784F8040B5DA6D4B6DDDF7DE445CB00
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ByteCharMultiWide_errno$FileFind$ErrorFirstLastNextfreemallocmemset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3372420414-0
                                                                                                                                                                        • Opcode ID: 93d5875e5dee341f10784224bd53556331c46b81fbb66407b9d17040cc771b2d
                                                                                                                                                                        • Instruction ID: 544bc22bfe53ee26a973ea17fa0396462bb6884b0adad4f352a8dfbf948df2d5
                                                                                                                                                                        • Opcode Fuzzy Hash: 93d5875e5dee341f10784224bd53556331c46b81fbb66407b9d17040cc771b2d
                                                                                                                                                                        • Instruction Fuzzy Hash: 5CB1D326B14A8286EB288F65D964A7C77A0FF48BA4F144275DE6D037DCEF3CD5418304
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: EnvironmentVariable$ByteCharMultiWide
                                                                                                                                                                        • String ID: .rnd$HOME$RANDFILE$SYSTEMROOT$USERPROFILE
                                                                                                                                                                        • API String ID: 2184640988-1666712896
                                                                                                                                                                        • Opcode ID: 45285921c275070c670ca49d0546862358ccffd5776fb92ec22702d428bfbd5c
                                                                                                                                                                        • Instruction ID: 31aad54beb6aa0d48438277ccb6e9ef9a1585d03dd92b7ad161ed20cc7537aa9
                                                                                                                                                                        • Opcode Fuzzy Hash: 45285921c275070c670ca49d0546862358ccffd5776fb92ec22702d428bfbd5c
                                                                                                                                                                        • Instruction Fuzzy Hash: 2161D426708B8295EB19CF26A96057967E1FF45BA4B488271DE3D437D8EF3DE409C300
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: %*s $%*sExtensions: $%*sLog : %s$%*sLog ID : $%*sSignature : $%*sTimestamp : $%*sVersion : $%*sSigned Certificate Timestamp:$%.14s.%03dZ$%02X%02X$none$unknown%*s$v1 (0x0)
                                                                                                                                                                        • API String ID: 0-3712356246
                                                                                                                                                                        • Opcode ID: 1eae7960afd426dd7c53c8cc79e05da74429f1870874552e0b66dbdf4a464066
                                                                                                                                                                        • Instruction ID: a3a1f735442ab78a425b546c0069c1f5cd57bd82792595e5a651194614758446
                                                                                                                                                                        • Opcode Fuzzy Hash: 1eae7960afd426dd7c53c8cc79e05da74429f1870874552e0b66dbdf4a464066
                                                                                                                                                                        • Instruction Fuzzy Hash: 1F915165B0D68696EB5CDB26A8209B963A0FB44BC0F845072ED6E4B7DDDF3CE119C700
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 313767242-0
                                                                                                                                                                        • Opcode ID: 544d81e5d0bf66c33f804bb133da19342079062bac93336a06aa1597cb30c435
                                                                                                                                                                        • Instruction ID: a642a9cf3336758061523838c3a9e15a8a63145ad0705df17d59cadf93a3027e
                                                                                                                                                                        • Opcode Fuzzy Hash: 544d81e5d0bf66c33f804bb133da19342079062bac93336a06aa1597cb30c435
                                                                                                                                                                        • Instruction Fuzzy Hash: C4312A76708A818AEB649F60E8A07FD7365FB84744F44407ADA5E47AD8EF3CDA48C710
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAB3D000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: ..\s\crypto\pem\pvkfmt.c$DSS1$DSS2$DSS2$DSS2$RSA1$RSA2$RSA2$RSA2$~
                                                                                                                                                                        • API String ID: 0-3555087193
                                                                                                                                                                        • Opcode ID: cda5b5e2266b90917324e8158cbbbec9d17d80220e1242f33795bd9eec1797ac
                                                                                                                                                                        • Instruction ID: 14d4d3ce64c61aee748e09759974455c059b3fd4e9d594261b823bc1649d3a0c
                                                                                                                                                                        • Opcode Fuzzy Hash: cda5b5e2266b90917324e8158cbbbec9d17d80220e1242f33795bd9eec1797ac
                                                                                                                                                                        • Instruction Fuzzy Hash: B0D1BE65B0C1928AF7689B268420ABE76D1EF81784F444071FAAD4BACDDE3CF606D711
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: $..\s\crypto\bn\bn_exp.c$gfff
                                                                                                                                                                        • API String ID: 0-1870203436
                                                                                                                                                                        • Opcode ID: 91750fd68107087543fe07699a61943bb2d7f1a0fc5e1659fce8ad07074b103f
                                                                                                                                                                        • Instruction ID: 59af4e6622d000915a96ec22e0535061b290ac55d2e79ca3ba7ecc299c8a4c23
                                                                                                                                                                        • Opcode Fuzzy Hash: 91750fd68107087543fe07699a61943bb2d7f1a0fc5e1659fce8ad07074b103f
                                                                                                                                                                        • Instruction Fuzzy Hash: 18829172705A828ADB14CF29E450AE977A5FB48BC8F408135EE5D9BBC9DF38D246C740
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: memmove$memset
                                                                                                                                                                        • String ID: ..\s\crypto\dsa\dsa_gen.c$ggen
                                                                                                                                                                        • API String ID: 3790616698-373923223
                                                                                                                                                                        • Opcode ID: 9cadddcf5ace5d33941989ae4993096a93c20721d44c2e44242af68bcca3f450
                                                                                                                                                                        • Instruction ID: 773c576c1a62f37f110f2e0f017a6c6f30d2b4b4eefefd0f65b966186d8ff8dc
                                                                                                                                                                        • Opcode Fuzzy Hash: 9cadddcf5ace5d33941989ae4993096a93c20721d44c2e44242af68bcca3f450
                                                                                                                                                                        • Instruction Fuzzy Hash: 91523D21B0D68285EB699B12A470FAAB790FF85B80F459075EE9D47BDEDE3CE405C700
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: memmove
                                                                                                                                                                        • String ID: ..\s\crypto\dsa\dsa_gen.c$U
                                                                                                                                                                        • API String ID: 2162964266-1283623164
                                                                                                                                                                        • Opcode ID: 23468288593cd33df75040b306780d95454a8333f40bed62edbce5028514d77b
                                                                                                                                                                        • Instruction ID: a1b01ab6078987bafdc3239348cfefc1044bada3dbbad2313ed6146caee27551
                                                                                                                                                                        • Opcode Fuzzy Hash: 23468288593cd33df75040b306780d95454a8333f40bed62edbce5028514d77b
                                                                                                                                                                        • Instruction Fuzzy Hash: 4522B122B0DB8285EB189B21A420ABA77E4AF857C4F454271EE6D5BBCEDF3CD445C600
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAB3D000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: ..\s\crypto\pem\pvkfmt.c$DSS1$DSS2$RSA1$RSA2
                                                                                                                                                                        • API String ID: 0-2917646762
                                                                                                                                                                        • Opcode ID: dd33e2a30825f60cda43f910f12af02ff844b6812d59e9a9b48cdae9b0079959
                                                                                                                                                                        • Instruction ID: c381ca205e98ab8c060a423ccc6b16dd4afa0ef668baa66034162b0b9d0ee8f4
                                                                                                                                                                        • Opcode Fuzzy Hash: dd33e2a30825f60cda43f910f12af02ff844b6812d59e9a9b48cdae9b0079959
                                                                                                                                                                        • Instruction Fuzzy Hash: 46F1E66AB155518AFB08DB65C8619EC37A1FF44788F4440B1EE2E5BADEDF39E50AC300
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: memmove$memset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3790616698-0
                                                                                                                                                                        • Opcode ID: 5c27fcc7b015d44772e24548af3a7e83aa402ed56b7fba7a99915febce0b760f
                                                                                                                                                                        • Instruction ID: 48683c43e7ec0bb34d6d8812bb97c9895a338a55a2569425a107d37f645d74db
                                                                                                                                                                        • Opcode Fuzzy Hash: 5c27fcc7b015d44772e24548af3a7e83aa402ed56b7fba7a99915febce0b760f
                                                                                                                                                                        • Instruction Fuzzy Hash: 2851CF36719B8686DB10CB16E45066EBBA4FB89B90F444135EEAD077DACE3CE645C700
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: ..\s\crypto\aes\aes_ige.c$assertion failed: (AES_ENCRYPT == enc) || (AES_DECRYPT == enc)$assertion failed: (length % AES_BLOCK_SIZE) == 0$assertion failed: in && out && key && ivec
                                                                                                                                                                        • API String ID: 0-3998121876
                                                                                                                                                                        • Opcode ID: 3498a025c29a1beb79b4c33d9388a448d468dd8768116bfb4bd88f5de9fc7b01
                                                                                                                                                                        • Instruction ID: 477b8c90fdfe87ee529e92958b109003c11322290991598d5df74b96f72f71b5
                                                                                                                                                                        • Opcode Fuzzy Hash: 3498a025c29a1beb79b4c33d9388a448d468dd8768116bfb4bd88f5de9fc7b01
                                                                                                                                                                        • Instruction Fuzzy Hash: 51D1B622F19AC684FB058F78C4205FC6761FB95B88F949571DE9D2668AEF3CD64AC300
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLastbind
                                                                                                                                                                        • String ID: ..\s\crypto\bio\b_sock2.c
                                                                                                                                                                        • API String ID: 2328862993-3200932406
                                                                                                                                                                        • Opcode ID: 8475ffe534be1b52f8a83a963f2585e8110bc00f71c71f802b4263a764d0a002
                                                                                                                                                                        • Instruction ID: 6c0731b30471c2bc878fa075fac41bb65d097334695f8c283def91697540098d
                                                                                                                                                                        • Opcode Fuzzy Hash: 8475ffe534be1b52f8a83a963f2585e8110bc00f71c71f802b4263a764d0a002
                                                                                                                                                                        • Instruction Fuzzy Hash: 3421C331B1814286E754DB25E810ABD77A0FB80B84F4041B5EA6D07BDDDF3DE54A8B00
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: ..\s\crypto\aes\aes_ige.c$assertion failed: (AES_ENCRYPT == enc) || (AES_DECRYPT == enc)$assertion failed: (length % AES_BLOCK_SIZE) == 0$assertion failed: in && out && key && ivec
                                                                                                                                                                        • API String ID: 0-3998121876
                                                                                                                                                                        • Opcode ID: bdc6c35671cd519ba0f6c89cc0cdc4cd3b216387f9b3e1cd6f25cac115cc41fd
                                                                                                                                                                        • Instruction ID: 44ce616f424560327d1bcab945815cb770a2ee3918e734029e08abdbb253fe1e
                                                                                                                                                                        • Opcode Fuzzy Hash: bdc6c35671cd519ba0f6c89cc0cdc4cd3b216387f9b3e1cd6f25cac115cc41fd
                                                                                                                                                                        • Instruction Fuzzy Hash: 42A1D232F08B82CAE715CF24D5549AD73A0FB5D748F869221EFAC57649EB38E685C700
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: $$..\s\crypto\bn\bn_exp2.c$O
                                                                                                                                                                        • API String ID: 0-847529346
                                                                                                                                                                        • Opcode ID: 554028a80b8bf4b7172acb72c99aea29435f578fcd174ec26a85c0cf1bef3866
                                                                                                                                                                        • Instruction ID: 53c66761be058f779bdb57f86a6521e73c52068ac917df0cc658d3b208a723b6
                                                                                                                                                                        • Opcode Fuzzy Hash: 554028a80b8bf4b7172acb72c99aea29435f578fcd174ec26a85c0cf1bef3866
                                                                                                                                                                        • Instruction Fuzzy Hash: AF02B921B0C74286E7589A5AA460A7A77D0FF85BC4F584075EE6E4F7CDDE3DE4068700
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: ..\s\crypto\pkcs7\pk7_smime.c$Verify error:$smime_sign
                                                                                                                                                                        • API String ID: 0-155679235
                                                                                                                                                                        • Opcode ID: 27813321bcefd40d26e19b55eaa39aaef7f16f39f4387f163caafd9e78bc7963
                                                                                                                                                                        • Instruction ID: d51517e4938332423b9482b878acd7678690b715d00709d3da404cc0a8a2c47d
                                                                                                                                                                        • Opcode Fuzzy Hash: 27813321bcefd40d26e19b55eaa39aaef7f16f39f4387f163caafd9e78bc7963
                                                                                                                                                                        • Instruction Fuzzy Hash: 11F19426B0964286EB68DB129431EBE77A0EF84B84F040475ED6D4B7DDDF3CE54A8B00
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAB3D000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: $ $.0
                                                                                                                                                                        • API String ID: 0-647222018
                                                                                                                                                                        • Opcode ID: f53e3ebc2cea6853dd015bf8171a1bb926fea5978b16c90e006d1bf4ee0bec8d
                                                                                                                                                                        • Instruction ID: a99576e80a2857027b14ea2a693ee33df32ceaa0a049bb36f97c3ca068e15ece
                                                                                                                                                                        • Opcode Fuzzy Hash: f53e3ebc2cea6853dd015bf8171a1bb926fea5978b16c90e006d1bf4ee0bec8d
                                                                                                                                                                        • Instruction Fuzzy Hash: 4C028F36B0834286EB5C9F229435BBC36D0FF40B88F084176D92E5A6DDDF3CA45987A0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: $ $@
                                                                                                                                                                        • API String ID: 0-2546599590
                                                                                                                                                                        • Opcode ID: f2644830250c31aea3305b6dee589843c6a07d26a44212c961f7c0c9858f5bc0
                                                                                                                                                                        • Instruction ID: c9f4cf3a30c1b2c7b9c0c4ee1921147743d30b181ccc8271e91c9ee444d59529
                                                                                                                                                                        • Opcode Fuzzy Hash: f2644830250c31aea3305b6dee589843c6a07d26a44212c961f7c0c9858f5bc0
                                                                                                                                                                        • Instruction Fuzzy Hash: B461E973B1929187E374CA1AD4A0A6EBB90F3853D4F844176EA9D87FC9C93CD909CB41
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        • Associated: 00000001.00000002.1918310238.00007FFDFADE3000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                        • Associated: 00000001.00000002.1918310238.00007FFDFADE7000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: memmove
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2162964266-0
                                                                                                                                                                        • Opcode ID: a111926b472cdd026b707c3c06e64bc37270c2157892f8b40b4e5e2067466ab3
                                                                                                                                                                        • Instruction ID: a77021fb04ed2e49c49f59e70631a93abea9c3cc90d61f9d3af1f2699e5dfbac
                                                                                                                                                                        • Opcode Fuzzy Hash: a111926b472cdd026b707c3c06e64bc37270c2157892f8b40b4e5e2067466ab3
                                                                                                                                                                        • Instruction Fuzzy Hash: B8513B66B042E04ADBA4CB5968699BD3BD5F7047C1F099076DFED4778ADE2CC641C310
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: memset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2221118986-0
                                                                                                                                                                        • Opcode ID: a6b09ffb963c1d315ef66330ae7513fcda920f5995490242336111b0b524ed7e
                                                                                                                                                                        • Instruction ID: d49cef082f73b908bb9bceaebace6a31357abc7710d87c59ce747f3555a9c9f0
                                                                                                                                                                        • Opcode Fuzzy Hash: a6b09ffb963c1d315ef66330ae7513fcda920f5995490242336111b0b524ed7e
                                                                                                                                                                        • Instruction Fuzzy Hash: EA412216B187C183E728C728D4613BDAB91EBD6780F44C176DACD1BA9ADE2CE54AC700
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: memmove
                                                                                                                                                                        • String ID: ..\s\crypto\ec\ec_asn1.c
                                                                                                                                                                        • API String ID: 2162964266-62808776
                                                                                                                                                                        • Opcode ID: 0a51c55e710c6e031bccc3e373a16ac6aeadda2483132d883634016af90b15dc
                                                                                                                                                                        • Instruction ID: 00005c7cdabbab58b3800fd532f7118424c5ca3f43f5d17ac2faa1c3f8eeeb5c
                                                                                                                                                                        • Opcode Fuzzy Hash: 0a51c55e710c6e031bccc3e373a16ac6aeadda2483132d883634016af90b15dc
                                                                                                                                                                        • Instruction Fuzzy Hash: 27229121B0C642C2FB689B11C4B0B7962A1FF44B88F808075ED6D4BBD9DF7CE9469742
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: memset
                                                                                                                                                                        • String ID: `|
                                                                                                                                                                        • API String ID: 2221118986-2662563857
                                                                                                                                                                        • Opcode ID: be0732203a70db9a96819cbc212d1a5854527bda7276c3d6f52d229dbcb6ffce
                                                                                                                                                                        • Instruction ID: 8428c28584a99f83a06576e2cadeeace9a0323e97168dfc4f2b9419760e7251c
                                                                                                                                                                        • Opcode Fuzzy Hash: be0732203a70db9a96819cbc212d1a5854527bda7276c3d6f52d229dbcb6ffce
                                                                                                                                                                        • Instruction Fuzzy Hash: CBA1F662B08B8585FF14CBA6E851ABD33A5BB48BC4F514436DE2D5BB98DE3CD146C300
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: ..\s\crypto\rsa\rsa_gen.c$T
                                                                                                                                                                        • API String ID: 0-459210079
                                                                                                                                                                        • Opcode ID: a2afc47d5de673f13dc38b15edc8f63842ba21b585907d34311ec223ec1f9dfa
                                                                                                                                                                        • Instruction ID: 3a29e585fb84b16e55fef26639c52e3633d46185a194cf7851ad269c9287b7e3
                                                                                                                                                                        • Opcode Fuzzy Hash: a2afc47d5de673f13dc38b15edc8f63842ba21b585907d34311ec223ec1f9dfa
                                                                                                                                                                        • Instruction Fuzzy Hash: E842C429B0974286EF599A22A061A7D63D0FF45BC0F044175EEAE57BCEDF3CE4568700
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: memset
                                                                                                                                                                        • String ID: @
                                                                                                                                                                        • API String ID: 2221118986-2766056989
                                                                                                                                                                        • Opcode ID: 5871c7b66a309cf4b09220130cfa0452ed19186941ea21fefdbe485ba4461854
                                                                                                                                                                        • Instruction ID: ddacfaf7aa1fde318e956b1ed625a6d73357169f360337dfcdf0c896d3d7ec6c
                                                                                                                                                                        • Opcode Fuzzy Hash: 5871c7b66a309cf4b09220130cfa0452ed19186941ea21fefdbe485ba4461854
                                                                                                                                                                        • Instruction Fuzzy Hash: 05216232728B4486DA548B56A5A026A62B1FB8CB80F406535FF8D4BB54DF3CE5A08700
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 74f30090324b672413da9ca174315d695224bb818384edc0d107c847e0ad9d06
                                                                                                                                                                        • Instruction ID: 35fd4b558eebff782ef4b4cef6c5c9457ff40c2771f7fdedf5dd1c7a1ca9ade1
                                                                                                                                                                        • Opcode Fuzzy Hash: 74f30090324b672413da9ca174315d695224bb818384edc0d107c847e0ad9d06
                                                                                                                                                                        • Instruction Fuzzy Hash: 2D022523F092E18FF315CBB944A05FC3FF1A762389745006ADE99A7B8AC53C951AD760
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: ..\s\crypto\rsa\rsa_chk.c$3
                                                                                                                                                                        • API String ID: 0-1220129049
                                                                                                                                                                        • Opcode ID: 9312ee92c760115a9768c0c39bf0d76b29115fe05449a5d8a23cc7581918c926
                                                                                                                                                                        • Instruction ID: 481f103d5e7c51e1db58c6ce7d674f8424e26b1f3d8487dbdf7bfa82de6bab51
                                                                                                                                                                        • Opcode Fuzzy Hash: 9312ee92c760115a9768c0c39bf0d76b29115fe05449a5d8a23cc7581918c926
                                                                                                                                                                        • Instruction Fuzzy Hash: 7C12D125B0868686E7689B62E520FBE73D4FF44784F444075EE6E47ACECF3CE54A9600
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: ..\s\crypto\pkcs7\pk7_doit.c$x
                                                                                                                                                                        • API String ID: 0-1293469523
                                                                                                                                                                        • Opcode ID: bc35ea6d0a89c78172df2494b52654d742011497f6eda5d27c35643d4342ce42
                                                                                                                                                                        • Instruction ID: bf53de7a6a14deac69a9028742d22928e558e650f6adedbeefec7b6d803e7f20
                                                                                                                                                                        • Opcode Fuzzy Hash: bc35ea6d0a89c78172df2494b52654d742011497f6eda5d27c35643d4342ce42
                                                                                                                                                                        • Instruction Fuzzy Hash: 76F14E26F0868286FB68DB169460A7E77A0FF88B84F444075EA6D4B7DDDF7DE4068700
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: ..\s\crypto\pkcs12\p12_crt.c$:
                                                                                                                                                                        • API String ID: 0-2681564914
                                                                                                                                                                        • Opcode ID: 91390e4270c299501e6b48783b20747718766b6c360c92b612d51629b71760cc
                                                                                                                                                                        • Instruction ID: 4a6ba79f2c3768a82ceb539d7946630dad41f5a57543e1c56f7c64eded8299a7
                                                                                                                                                                        • Opcode Fuzzy Hash: 91390e4270c299501e6b48783b20747718766b6c360c92b612d51629b71760cc
                                                                                                                                                                        • Instruction Fuzzy Hash: CEC15325B0C64389FB6D9A169561EBEA6D1AF45BC0F044074FD6D4BBDEEF2CF4068600
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: ..\s\crypto\rsa\rsa_ssl.c$J
                                                                                                                                                                        • API String ID: 0-3717188103
                                                                                                                                                                        • Opcode ID: 9bf9e9984dc14a64b9e8cfe88f7a573b54dee9f6eac4365e6f5f543602cc742b
                                                                                                                                                                        • Instruction ID: 65ecb69f6f4642988dbb41b4fbc120fa41898a0b82a7a4860c969403b6f2d309
                                                                                                                                                                        • Opcode Fuzzy Hash: 9bf9e9984dc14a64b9e8cfe88f7a573b54dee9f6eac4365e6f5f543602cc742b
                                                                                                                                                                        • Instruction Fuzzy Hash: B6C1E3377286818BD758CF29E451AAE7BA1F385744F40A129FA9B87BC9DE3CD404CB00
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: ..\s\crypto\asn1\a_object.c$I
                                                                                                                                                                        • API String ID: 0-1862382675
                                                                                                                                                                        • Opcode ID: 25913abc9b15af554500cd971072eafb1449fbeeca9cc1be88de94e7cdd2f124
                                                                                                                                                                        • Instruction ID: 38c3b1f506717589436bdfcdf95d0cfa917ee8754d068cf216bb268a0a8e3493
                                                                                                                                                                        • Opcode Fuzzy Hash: 25913abc9b15af554500cd971072eafb1449fbeeca9cc1be88de94e7cdd2f124
                                                                                                                                                                        • Instruction Fuzzy Hash: 46B1C262B0968385EB688E15D070B7A67A1FF81740F8401B5EEAE4B6C9DF3CE649C700
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: memset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2221118986-0
                                                                                                                                                                        • Opcode ID: f68bbef17c2619aa7538ca985f0d05f970de2937097a9b90f705c67e5ad2469a
                                                                                                                                                                        • Instruction ID: f1e0a7eaefb5a9b87e61b3b304584b4097fab5b8c89445f555d3b98df601fdf4
                                                                                                                                                                        • Opcode Fuzzy Hash: f68bbef17c2619aa7538ca985f0d05f970de2937097a9b90f705c67e5ad2469a
                                                                                                                                                                        • Instruction Fuzzy Hash: F9A1092331A2C58FD30DCE7C49504AD6F61E366A0474885AEDF94EB78BC918DA29C7B1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: ..\s\crypto\cms\cms_pwri.c$i
                                                                                                                                                                        • API String ID: 0-405502633
                                                                                                                                                                        • Opcode ID: e3d51405f227b430536e1b52dadb7a9c284afe0da1426774b17ead956436e7a7
                                                                                                                                                                        • Instruction ID: cb555c616bef8269cea2b9191368f345573f753209f1ae028e7061c25cdf3878
                                                                                                                                                                        • Opcode Fuzzy Hash: e3d51405f227b430536e1b52dadb7a9c284afe0da1426774b17ead956436e7a7
                                                                                                                                                                        • Instruction Fuzzy Hash: BAA18161B09B8282FBA9DB51E421AB976D4EF84B80F444175EE7D4BBC9DF3CE4068700
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: memmove
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2162964266-0
                                                                                                                                                                        • Opcode ID: 1c97625de21e4190d7316ec354854285b55a883de0c50795c5d73f048393105d
                                                                                                                                                                        • Instruction ID: c4dacf5b43a35666373090916d887eba53ab1d1fe1329fb72f080d208aa109a1
                                                                                                                                                                        • Opcode Fuzzy Hash: 1c97625de21e4190d7316ec354854285b55a883de0c50795c5d73f048393105d
                                                                                                                                                                        • Instruction Fuzzy Hash: FD51269BF082924BE75C8A2584B47BD2691FB11B98F144079DD5A0FBC9DE3DE846C310
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 038d77fe90f1a8ab9e57f1742d626266c8388c7d9a3c2ee0b4d3477791783865
                                                                                                                                                                        • Instruction ID: e90babcf9f694d48b9833143025560e327158e55bdb6c361733a618cb40640f6
                                                                                                                                                                        • Opcode Fuzzy Hash: 038d77fe90f1a8ab9e57f1742d626266c8388c7d9a3c2ee0b4d3477791783865
                                                                                                                                                                        • Instruction Fuzzy Hash: EC61D276B0974297EB58CB0AD5A0A7873A1FB48780F40C036DA2D4B799EF3CE566C700
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: memset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2221118986-0
                                                                                                                                                                        • Opcode ID: 718e3d9c456202800df337672b6c2f09e970ded3d6b6eabefbbf8dd4312df873
                                                                                                                                                                        • Instruction ID: 554356c83dcfe8ee4aca985795d7a60da369b9620e44c93b97c18dc01b48e5a5
                                                                                                                                                                        • Opcode Fuzzy Hash: 718e3d9c456202800df337672b6c2f09e970ded3d6b6eabefbbf8dd4312df873
                                                                                                                                                                        • Instruction Fuzzy Hash: C2517E233292C18FC31DCF7C48508AD7F61D366A4474881ADDFC59B78BC918DA29CBA1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: memset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2221118986-0
                                                                                                                                                                        • Opcode ID: 84a74a417f333ba4190bbb5d65c0b8a2d73aebede607cec58e98ed21af644b86
                                                                                                                                                                        • Instruction ID: defd9ff0a1bc02763440da435c4f65fb49d9927bc469fdda3b311af04b098302
                                                                                                                                                                        • Opcode Fuzzy Hash: 84a74a417f333ba4190bbb5d65c0b8a2d73aebede607cec58e98ed21af644b86
                                                                                                                                                                        • Instruction Fuzzy Hash: 7B410726B297C1C3D714CB28D410A7C6B61E796B88F48D1B5DB5D1BB8ADF2DE186C300
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: memset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2221118986-0
                                                                                                                                                                        • Opcode ID: 29c448f939a496797526196591817613a7da3c6896cf860c94d1bbc56d9bad7f
                                                                                                                                                                        • Instruction ID: 04b2c4010199b9d6e41411a0d8af780ebd3808df7042a660e154eb753213d9b3
                                                                                                                                                                        • Opcode Fuzzy Hash: 29c448f939a496797526196591817613a7da3c6896cf860c94d1bbc56d9bad7f
                                                                                                                                                                        • Instruction Fuzzy Hash: 9A41D32330D2D08BD31DCB6D949046D7F61E766740B48C0A9DBE687F87CA2CE569C721
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: ..\s\crypto\rsa\rsa_oaep.c
                                                                                                                                                                        • API String ID: 0-1437405514
                                                                                                                                                                        • Opcode ID: d79bbbb27c242f1968ee9db1b3b037b0ba9350e6df8b416dcb27db9b678a0ac5
                                                                                                                                                                        • Instruction ID: 33d233a92880b4d7f022f955ae760e5f10b20b9b66deea32e282396ea10ca532
                                                                                                                                                                        • Opcode Fuzzy Hash: d79bbbb27c242f1968ee9db1b3b037b0ba9350e6df8b416dcb27db9b678a0ac5
                                                                                                                                                                        • Instruction Fuzzy Hash: 92120877728A8286DB54CF29E454ABEB7A0F785784F405239EB9A47789EF3CD504C700
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: ..\s\crypto\pkcs7\pk7_doit.c
                                                                                                                                                                        • API String ID: 0-3382977829
                                                                                                                                                                        • Opcode ID: 1bf53d41fe1d4cb8ab0f1208157fd90a2a575a73ec351884194e2ffc2f045224
                                                                                                                                                                        • Instruction ID: cf291077c072c53dc7b10372ba283c736f799dfb4c2964225f5c342d4f6a2ebe
                                                                                                                                                                        • Opcode Fuzzy Hash: 1bf53d41fe1d4cb8ab0f1208157fd90a2a575a73ec351884194e2ffc2f045224
                                                                                                                                                                        • Instruction Fuzzy Hash: A9126025B0DA4286EB18DB52A464ABE77A0FF84B84F444075EE6D4BBDDDF3CE4068700
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: ..\s\crypto\x509v3\v3_addr.c
                                                                                                                                                                        • API String ID: 0-810650312
                                                                                                                                                                        • Opcode ID: 7e4f4548e992544a6f9d53afeda8e42a3c4b9e15b4ca7496aae615efd40be9a7
                                                                                                                                                                        • Instruction ID: 1ff119c78f27d2aadde067bed3f714d1072682e5b1d18625ecb4342f552c2643
                                                                                                                                                                        • Opcode Fuzzy Hash: 7e4f4548e992544a6f9d53afeda8e42a3c4b9e15b4ca7496aae615efd40be9a7
                                                                                                                                                                        • Instruction Fuzzy Hash: 9EC1B32AB0D6D285FF5D9A61D124BBE32D5EF85B84F0940B4DE2E4A2C9DF3CE446C600
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: ..\s\crypto\srp\srp_vfy.c
                                                                                                                                                                        • API String ID: 0-1562427933
                                                                                                                                                                        • Opcode ID: 7a800fc909ce4ceb28e85ecdbd335bd13a30d86e5aaecafb8d55a8216a923512
                                                                                                                                                                        • Instruction ID: 44231bfc16b2b537860cdab325e20c7b7d103d369babed1c845b128dfad5c48a
                                                                                                                                                                        • Opcode Fuzzy Hash: 7a800fc909ce4ceb28e85ecdbd335bd13a30d86e5aaecafb8d55a8216a923512
                                                                                                                                                                        • Instruction Fuzzy Hash: F4D18F2AB09B9281EB999B22D461A7D36D4EF48F84F0440B5DD6D4B7CEEF3CE5068700
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: ..\s\crypto\bn\bn_exp.c
                                                                                                                                                                        • API String ID: 0-1093918245
                                                                                                                                                                        • Opcode ID: 58fda75826cebd11efdfccb8c542fd85f1fdc44cf7c3b0fd1be6faa4a1997644
                                                                                                                                                                        • Instruction ID: 1b324bd72f63b08ce6087cea3cb7f29b67e0179ef06381af7f46325070c3d9d8
                                                                                                                                                                        • Opcode Fuzzy Hash: 58fda75826cebd11efdfccb8c542fd85f1fdc44cf7c3b0fd1be6faa4a1997644
                                                                                                                                                                        • Instruction Fuzzy Hash: 6EA19515B0864385FB689A265930A7A73C5BF45BC0F888470ED6D5FBCDDE3CE44B8610
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: ..\s\crypto\rsa\rsa_pk1.c
                                                                                                                                                                        • API String ID: 0-1840266846
                                                                                                                                                                        • Opcode ID: b694fcb47f22c6b031bfb22aada5d4542d7b94bf830cec2861c51578beacb261
                                                                                                                                                                        • Instruction ID: 7c8c067faee521fb71cf031eda82e7bde02bdca080220cccf440423a63d1db4a
                                                                                                                                                                        • Opcode Fuzzy Hash: b694fcb47f22c6b031bfb22aada5d4542d7b94bf830cec2861c51578beacb261
                                                                                                                                                                        • Instruction Fuzzy Hash: BF91117772C2918BD718CF29E465ABE77A0F785744F409139EA9A87AC9DE3CD409CB00
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: memset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2221118986-0
                                                                                                                                                                        • Opcode ID: 3ed4036d9b1085c8e9612c79fd766977092f2bd988c1f66242e4ecabbbc669c8
                                                                                                                                                                        • Instruction ID: f8eb7e2f55be61f58c29b0cfcb5d28082edc7864398134e8dddcfc34d3e963b1
                                                                                                                                                                        • Opcode Fuzzy Hash: 3ed4036d9b1085c8e9612c79fd766977092f2bd988c1f66242e4ecabbbc669c8
                                                                                                                                                                        • Instruction Fuzzy Hash: FE912A67708BC186EB168B65A4106BEBBA0FB85BD4F144671EFAA07789EF3CD145C700
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAB3D000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: ..\s\crypto\pem\pvkfmt.c
                                                                                                                                                                        • API String ID: 0-3212655678
                                                                                                                                                                        • Opcode ID: 23e36d8ca71714a8e7ff0b75fd2a1db85ecaf9358b026ce54b2e39240f33bba7
                                                                                                                                                                        • Instruction ID: 4bfe95808889dcf65f1c2e6f6f370c2db0c27d258cd0224441349ebd907c3afe
                                                                                                                                                                        • Opcode Fuzzy Hash: 23e36d8ca71714a8e7ff0b75fd2a1db85ecaf9358b026ce54b2e39240f33bba7
                                                                                                                                                                        • Instruction Fuzzy Hash: 9AA1E56A71C6828AEB68DB159420BBEA790FF41B84F4440B5EA5D4B7C9DF3DD009CB00
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        • Associated: 00000001.00000002.1918310238.00007FFDFADE7000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: a35673c394823c65308f449b2d01726725d2da29126279a831590c33ae2710ee
                                                                                                                                                                        • Instruction ID: 84f197723060725c135a1ed76d57dc8a5ba785626a1b5c404c461ca801bc1c9d
                                                                                                                                                                        • Opcode Fuzzy Hash: a35673c394823c65308f449b2d01726725d2da29126279a831590c33ae2710ee
                                                                                                                                                                        • Instruction Fuzzy Hash: A5913766718B8186DB158F69D010ABD7BA0FB85B88F408632EFAE17785EF3CD595C300
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAB3D000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: ..\s\crypto\pem\pvkfmt.c
                                                                                                                                                                        • API String ID: 0-3212655678
                                                                                                                                                                        • Opcode ID: 458f2772297198591a1fe2ae5ef4cce91e9dfcc622c74d18374950ce6c9a7954
                                                                                                                                                                        • Instruction ID: 8fabaf63c71b4e6c0ec7d4ac61f004af165164f0d1dfcd0a6ce1e10b742f4c04
                                                                                                                                                                        • Opcode Fuzzy Hash: 458f2772297198591a1fe2ae5ef4cce91e9dfcc622c74d18374950ce6c9a7954
                                                                                                                                                                        • Instruction Fuzzy Hash: 5F81D71570D7828AEB599A17543197EB2E1AF84BC0F484474FE6E0BBCDEE7CE4468700
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 657e8f9e049a6dd69271d1fac707f79abeb375130e9837873798fd2462894200
                                                                                                                                                                        • Instruction ID: 7668a2525df077651d04fabab1dc5ad0695d673fe2ecc3a77af0e3059dd92ee6
                                                                                                                                                                        • Opcode Fuzzy Hash: 657e8f9e049a6dd69271d1fac707f79abeb375130e9837873798fd2462894200
                                                                                                                                                                        • Instruction Fuzzy Hash: B981A576B05F159AEB58CB5AE9506AC33A5F748BC4F109036CE1D5BB98EF38E062C340
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: memset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2221118986-0
                                                                                                                                                                        • Opcode ID: 7967b813be7fc4e466cf3324491fea5721077392d3f96492e25d7bfa0a96bdaf
                                                                                                                                                                        • Instruction ID: a840072771bd1306bbb8f5354c0d31d05c89c0ab9e045372cc4a9a4a1b55d6c0
                                                                                                                                                                        • Opcode Fuzzy Hash: 7967b813be7fc4e466cf3324491fea5721077392d3f96492e25d7bfa0a96bdaf
                                                                                                                                                                        • Instruction Fuzzy Hash: 39714533B28A5582EB28CB14E861FE9B361FB94344F855279DA5E07AC9DF3CE545C700
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: f44ec6583623cadabea8ff49e97309d2135f30d52f6322a303a011523387cc64
                                                                                                                                                                        • Instruction ID: 5052d788d41e7ed1775df978019f227f23f6218ba06dd1cd4ff27c97375c6be5
                                                                                                                                                                        • Opcode Fuzzy Hash: f44ec6583623cadabea8ff49e97309d2135f30d52f6322a303a011523387cc64
                                                                                                                                                                        • Instruction Fuzzy Hash: 69917B07A0E2E09DD3068BB550648FC7FB4962B74870ED49AEFE557B8BC118C295EB31
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: memset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2221118986-0
                                                                                                                                                                        • Opcode ID: 1499dd352869757ebcecd2c17f8a3a4e143fdd48dbea7b0b7a3542c83bd5f992
                                                                                                                                                                        • Instruction ID: f54f87a11c98cdd1374fcd72c46da4d299a245994249baa38ec868b679f96cb1
                                                                                                                                                                        • Opcode Fuzzy Hash: 1499dd352869757ebcecd2c17f8a3a4e143fdd48dbea7b0b7a3542c83bd5f992
                                                                                                                                                                        • Instruction Fuzzy Hash: 955139667097C186DF158B669420A7EABA0FB49BD8F084972EFAD07BC9CE2CD551C700
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: memmove
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2162964266-0
                                                                                                                                                                        • Opcode ID: 4d2774c63caf3f93dc05cb687ec856f6f43bbc9d03341f09af49d94cd95b7c4d
                                                                                                                                                                        • Instruction ID: 77ace18338c438561468d64a8236ea5d4c4036b0800b2b5aac4944456a953949
                                                                                                                                                                        • Opcode Fuzzy Hash: 4d2774c63caf3f93dc05cb687ec856f6f43bbc9d03341f09af49d94cd95b7c4d
                                                                                                                                                                        • Instruction Fuzzy Hash: 9E51CF26B08F8582EB148F29D4506AE73A4FB4AB88F548135EE5D0779DEF39D581C300
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: memmove
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2162964266-0
                                                                                                                                                                        • Opcode ID: 37dc09c37b99c00ecdb2e6f73f9b58c04b83e71852e7fec29b480021338af4a7
                                                                                                                                                                        • Instruction ID: 7874a01d0d21de9b12bbe1bb285bdd6f428233d90ee636bfb2ed8ff5cc984cc5
                                                                                                                                                                        • Opcode Fuzzy Hash: 37dc09c37b99c00ecdb2e6f73f9b58c04b83e71852e7fec29b480021338af4a7
                                                                                                                                                                        • Instruction Fuzzy Hash: 4851D022B08B8582DB548F29E4516AE73B4FB8AB88F448135EF9D4779DDF39D581C300
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: memset
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2221118986-0
                                                                                                                                                                        • Opcode ID: 5e94288c9bcf745e05a40f27e60fe26aff92f5ffb1426dc666a3bb0b8b9c7cc5
                                                                                                                                                                        • Instruction ID: 215e6a1cc8487d5f1ec68714c245d78e063aaac3ebea3ca9cf2e2cfcbf1da42f
                                                                                                                                                                        • Opcode Fuzzy Hash: 5e94288c9bcf745e05a40f27e60fe26aff92f5ffb1426dc666a3bb0b8b9c7cc5
                                                                                                                                                                        • Instruction Fuzzy Hash: AC515467718BC185DB59CF39D0506AE6BE0EB49B98F088471EE9D47789EE3CC981C700
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: memmove
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2162964266-0
                                                                                                                                                                        • Opcode ID: 90779fe433b001c33b4489c2d0ef97bce2bec0ee503a9c5bcea7a4bc7bd333a7
                                                                                                                                                                        • Instruction ID: 0c2dab1900fd82574d4f5e37f56b94ed7b6bcfff6a4b0dba7320655274590f60
                                                                                                                                                                        • Opcode Fuzzy Hash: 90779fe433b001c33b4489c2d0ef97bce2bec0ee503a9c5bcea7a4bc7bd333a7
                                                                                                                                                                        • Instruction Fuzzy Hash: D651F953F247C19DFB018778C4512FC7770AB77348F14536AEE9876A87EB29918A8310
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: memmove
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2162964266-0
                                                                                                                                                                        • Opcode ID: 811c84c3a106c7c826490b071ee316ac3392c0738f9ab2b23e0623a2fd00f0c5
                                                                                                                                                                        • Instruction ID: 46c246453519ea9cb2f5a3779ae9657f93dd3ef50fcd638e03d922802ac15108
                                                                                                                                                                        • Opcode Fuzzy Hash: 811c84c3a106c7c826490b071ee316ac3392c0738f9ab2b23e0623a2fd00f0c5
                                                                                                                                                                        • Instruction Fuzzy Hash: 78416D66608B4583DB358B29E4502AEB7E4FB4CB88F448225DFDE47B99EF3CE1418704
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAB3D000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: memmove
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2162964266-0
                                                                                                                                                                        • Opcode ID: c85b4b3220d300b6dcc8b48aad6da7d456bbc34c8f7d18d89779c635de45cba6
                                                                                                                                                                        • Instruction ID: 5260dde76dfdc72e122c32e1988f6124e9da981c5cae30725ce18235ddcfc73c
                                                                                                                                                                        • Opcode Fuzzy Hash: c85b4b3220d300b6dcc8b48aad6da7d456bbc34c8f7d18d89779c635de45cba6
                                                                                                                                                                        • Instruction Fuzzy Hash: E0317E36B1CB8585DB609F26E45026EB7A4EB88BA4F480132EE9C03B99DF3CD255C704
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: f72b910ed5814a80dd555d0a55d161dcff1908adf8c9cb3c2a5987fe7f1f8b8b
                                                                                                                                                                        • Instruction ID: 8c9c82f451b45861e724cda5e527fca1e14dd912b4fca9d200b6d78c0085ffae
                                                                                                                                                                        • Opcode Fuzzy Hash: f72b910ed5814a80dd555d0a55d161dcff1908adf8c9cb3c2a5987fe7f1f8b8b
                                                                                                                                                                        • Instruction Fuzzy Hash: F592D1B37285644BE76CCB29B431E7A37A1F39DB88F84602EDE0747A44DD2D9951CB00
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 5b853ff717ed4c0dbec40eaabb250b4c8432882082814baab27b07a214d9da2c
                                                                                                                                                                        • Instruction ID: 371db3a7a3697fed1bd577ef6cb4575b3d20f16c3cdf00e4ef9288a3f16496d8
                                                                                                                                                                        • Opcode Fuzzy Hash: 5b853ff717ed4c0dbec40eaabb250b4c8432882082814baab27b07a214d9da2c
                                                                                                                                                                        • Instruction Fuzzy Hash: 61727EB26141A48BD39CCF2CA46263E7691F388781F81512EEB97C7BC5CA3CE955CB44
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: db24ec6daae5074bcb24c051fc298fdcaa665f86419714f89859830d050ba49d
                                                                                                                                                                        • Instruction ID: cf39f6694b50071544439f9e8f8abf0ffc8e461b8da0e567706784d84ce617bb
                                                                                                                                                                        • Opcode Fuzzy Hash: db24ec6daae5074bcb24c051fc298fdcaa665f86419714f89859830d050ba49d
                                                                                                                                                                        • Instruction Fuzzy Hash: 897281B37244244BE76CDB29B831E7A3391F3ADB88F85612EEE0747A44DD2D5956CB00
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: cce99e404f8691b5be868a71d7e1732ce3cb72cc51e46c037228effbb8d3a574
                                                                                                                                                                        • Instruction ID: c9ccb45f617db39fdbe94122d9fb4c6ff831940c45d0eb412039762a81156e22
                                                                                                                                                                        • Opcode Fuzzy Hash: cce99e404f8691b5be868a71d7e1732ce3cb72cc51e46c037228effbb8d3a574
                                                                                                                                                                        • Instruction Fuzzy Hash: 5A72CF733301B4879394C63E4898C2E36D2E78A341BD6A719EED1CB785D93EE406DB64
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: f9410af5c5d1851f89651bd0756eb86bbef2db8ac95b7fa20850733525bcbbb8
                                                                                                                                                                        • Instruction ID: 6a7ee0092b5fdf6623e2b52222c32e4ecb8587d8b50916453c46dc6cc458fa66
                                                                                                                                                                        • Opcode Fuzzy Hash: f9410af5c5d1851f89651bd0756eb86bbef2db8ac95b7fa20850733525bcbbb8
                                                                                                                                                                        • Instruction Fuzzy Hash: 0E72CF733301B4879394C63E4898C2E36D2E78A341BD6A719EED1CB785D93EE406DB64
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 00861b91baafa90710116cef1f3193f5e4630aa33d7e283941048f3771d0c605
                                                                                                                                                                        • Instruction ID: 9477ac5d9e34ef8442194c619677caad804d4651159bf4ba832793b4f0bfb1fb
                                                                                                                                                                        • Opcode Fuzzy Hash: 00861b91baafa90710116cef1f3193f5e4630aa33d7e283941048f3771d0c605
                                                                                                                                                                        • Instruction Fuzzy Hash: 828204736300688BE3928F2E5418EAB3799FB5978DF83A205EB819B645C53DFD05CB50
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 292777a953c9535b84e357e6739cd9d8105579c0b8feae30729318ecb86c5128
                                                                                                                                                                        • Instruction ID: 08d596b224f38bce32951488b9c568def066a74c7142b4d15b42d17d87b6963f
                                                                                                                                                                        • Opcode Fuzzy Hash: 292777a953c9535b84e357e6739cd9d8105579c0b8feae30729318ecb86c5128
                                                                                                                                                                        • Instruction Fuzzy Hash: 158214736300688BE3928F2E5418EAB3799FB5978DF83A205EB819B645C53DFD05CB50
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAB3D000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 19315b98f5cd458771c0638d41154ad42e43e3075076644c4b8e7c98e88e6ebf
                                                                                                                                                                        • Instruction ID: dd5d3e0d76238ba88f474291572ba03c088dc79ba2c71c071ec78d520d7184d2
                                                                                                                                                                        • Opcode Fuzzy Hash: 19315b98f5cd458771c0638d41154ad42e43e3075076644c4b8e7c98e88e6ebf
                                                                                                                                                                        • Instruction Fuzzy Hash: 75620753B157E84ACE558BADB8273A96EA4D3953C1F486036EBDD03F96DA3CE211C310
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 4036a71b09bcfbd494ebe4bb27adcd7657560767430df20915ec1542b7b8d30b
                                                                                                                                                                        • Instruction ID: e52ccf6d90350a17b59ff11030d3199c8e0903d56d9545d59ca6bc08556c0fbc
                                                                                                                                                                        • Opcode Fuzzy Hash: 4036a71b09bcfbd494ebe4bb27adcd7657560767430df20915ec1542b7b8d30b
                                                                                                                                                                        • Instruction Fuzzy Hash: B552A1737301B44BE3518B2E985CD6A3798F3567C9FD2520AFB818BA41C93DA906DF90
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 3cef6a4629197e9c0bdf84d1fab91b86f3d72881661dc8e501ccca497ba73e17
                                                                                                                                                                        • Instruction ID: 13b0559754d866b426fb2534a96a421ba8c699e2e7fc5664e9fda6b06d342fb7
                                                                                                                                                                        • Opcode Fuzzy Hash: 3cef6a4629197e9c0bdf84d1fab91b86f3d72881661dc8e501ccca497ba73e17
                                                                                                                                                                        • Instruction Fuzzy Hash: 32327DB6F90A6596DB048F16E90178D7B64F319BC8F898526DF9C83B54EB38E472C300
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 248a1b1f953c07950550d0fed5197040e7e2b796ea8bde93e7e2abbcde639fa0
                                                                                                                                                                        • Instruction ID: 098c497afc4a1579de7937fe05807e8bf1e034d6d105558040626f82ef23fa78
                                                                                                                                                                        • Opcode Fuzzy Hash: 248a1b1f953c07950550d0fed5197040e7e2b796ea8bde93e7e2abbcde639fa0
                                                                                                                                                                        • Instruction Fuzzy Hash: 4722D4A2210BE58AF720DFA8A451ACFBB31F349789F59611AEFD927744C738D119D310
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: e590900a6e0120ee690f1286acccf1daa36367a4752bc1c9946b47df92236b43
                                                                                                                                                                        • Instruction ID: 525a39010797306839bfa6544dc609ee27d2423a94a45ae7b7525911d8ab20d3
                                                                                                                                                                        • Opcode Fuzzy Hash: e590900a6e0120ee690f1286acccf1daa36367a4752bc1c9946b47df92236b43
                                                                                                                                                                        • Instruction Fuzzy Hash: BD329512E08F9A52E6274B39D4036B66710EFB7BC8F00E717FED871592DF75A9899200
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAB3D000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 20a1c6215b183fcb32d5c067edaab6608c2d04b4218f86c1f68138d02e417ffa
                                                                                                                                                                        • Instruction ID: 15cb02b01848efbf4d81eeb87833f65b5137ce3b247945ec09ec60a66c7f94bb
                                                                                                                                                                        • Opcode Fuzzy Hash: 20a1c6215b183fcb32d5c067edaab6608c2d04b4218f86c1f68138d02e417ffa
                                                                                                                                                                        • Instruction Fuzzy Hash: EB42B2935196D1CEE721CF39C8627ED7BA0E361348F444656D7C81B98BDA2CC2AED720
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 9364b6cf415b0bf4474d27a0c7904f60d690c1347ac814cc56d9874b251e818b
                                                                                                                                                                        • Instruction ID: a3a21ca5a984248f8a119968ea58623514b084daff568d48aa411c23bc56da14
                                                                                                                                                                        • Opcode Fuzzy Hash: 9364b6cf415b0bf4474d27a0c7904f60d690c1347ac814cc56d9874b251e818b
                                                                                                                                                                        • Instruction Fuzzy Hash: 5D020C732250F08BE32A8B3D6C65D7A3A91F3963837865119EF939BAC5C43CE905D760
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 83737f194ead3c4296f9afd4f03f6282291e46c6f76d94dc84c4d8b2b546e96f
                                                                                                                                                                        • Instruction ID: 957e3e31fa124b71f1106d3514d4b507ed34abfa5cfde9ecbc7894ed00f39d06
                                                                                                                                                                        • Opcode Fuzzy Hash: 83737f194ead3c4296f9afd4f03f6282291e46c6f76d94dc84c4d8b2b546e96f
                                                                                                                                                                        • Instruction Fuzzy Hash: B222CEB7A482A0ABD7158F2582A05AE3FA1F7177607888352DBD54378AC73DB537CB10
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: aa32eeea1beafbe02c917f28a136cd0c9fbf24de7bb31c927031117a00a23c85
                                                                                                                                                                        • Instruction ID: f2d6a078dd97e19e18b0e81edf863b825b14ccc8b7c0f6528e9d95df468cad5a
                                                                                                                                                                        • Opcode Fuzzy Hash: aa32eeea1beafbe02c917f28a136cd0c9fbf24de7bb31c927031117a00a23c85
                                                                                                                                                                        • Instruction Fuzzy Hash: 0122CF12E18FD991E2139B3991035B66320FFB77C8F04E316FED8B1593EF65A6999200
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: c527e7ab8babe2e87635d1d24e2a0aba8fa974909ae1099a2522755bb05623c8
                                                                                                                                                                        • Instruction ID: 63dab132c2ab71319053f4217e807aa7c30c6b1c3529cf9550e6528c14169b18
                                                                                                                                                                        • Opcode Fuzzy Hash: c527e7ab8babe2e87635d1d24e2a0aba8fa974909ae1099a2522755bb05623c8
                                                                                                                                                                        • Instruction Fuzzy Hash: 2612B212E1CFC951E2135B3991035B66320BFBB2D8F00D326FFD8715A3EB66B695A211
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAB3D000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 52f8d7f2cd8b28d26ac1b59818e75e15c4d0890c6e77090747d4ffe09635e767
                                                                                                                                                                        • Instruction ID: 21428ba9dc9b44f114fef398b568baa7992cbec123181c7440599090eed4ade7
                                                                                                                                                                        • Opcode Fuzzy Hash: 52f8d7f2cd8b28d26ac1b59818e75e15c4d0890c6e77090747d4ffe09635e767
                                                                                                                                                                        • Instruction Fuzzy Hash: 7C024772B14B9189EB10CFA9E8412DD77B1FB88788B509226EE8C67B59EF38D155C700
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 5cc30a081efe11a797ff2686d0ae94bcc47158b4d466771f7ecddba3d7ba8655
                                                                                                                                                                        • Instruction ID: 7f67cbc33f0a39cd8722664a49b0c847179a2ba79c4b6f0cc748c24a2fc3db9d
                                                                                                                                                                        • Opcode Fuzzy Hash: 5cc30a081efe11a797ff2686d0ae94bcc47158b4d466771f7ecddba3d7ba8655
                                                                                                                                                                        • Instruction Fuzzy Hash: 81E1C22360C1E04EE365CF3D581466EBFE1F396788F49815AEAE99778AC53CC605CB20
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 4a4633fdc87e7b634ad160c1f4ae9304ce922ffa51860aedbafa1eabd1bcf066
                                                                                                                                                                        • Instruction ID: 85d78c1d5d4f4eb5ba6b4fadf5e8955880e3d9e669b084eec584f4c674e5d132
                                                                                                                                                                        • Opcode Fuzzy Hash: 4a4633fdc87e7b634ad160c1f4ae9304ce922ffa51860aedbafa1eabd1bcf066
                                                                                                                                                                        • Instruction Fuzzy Hash: F7020826718B8A92DB149F16E10199EB720F789BC8F445112EFDC63B6DCF39E54ACB40
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: e46ec02a18b919f8193dc932ec7cdf28da9960692f62ecf363d4081756637bd2
                                                                                                                                                                        • Instruction ID: 22ea6564811fad1b7108c986b441596455f04d89520c7ee8ce5ee641cd3e6ae4
                                                                                                                                                                        • Opcode Fuzzy Hash: e46ec02a18b919f8193dc932ec7cdf28da9960692f62ecf363d4081756637bd2
                                                                                                                                                                        • Instruction Fuzzy Hash: 93D11632B2126C4BD781CB2E9C68E6A37E4FB88787BC65115EB898B745C53CE511DF20
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: e6ed80f6c992a17ac94c220819185da579957008e33c89f1e2df6ea0ff46f3c8
                                                                                                                                                                        • Instruction ID: d7eb70bc83bb301337048e7e51429cf9fecf86086f1ba71311579194daebf8d4
                                                                                                                                                                        • Opcode Fuzzy Hash: e6ed80f6c992a17ac94c220819185da579957008e33c89f1e2df6ea0ff46f3c8
                                                                                                                                                                        • Instruction Fuzzy Hash: AAC12533B1859147EB1CCB2484E58BC3792F796360BA4467ADA6B47BC9DE3CE906C710
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 05887614e0bc767a11a4e176b6bfca2ae9b9d72950885c49ab4f471e5032be22
                                                                                                                                                                        • Instruction ID: a459f44a5db8e5c150e654b2e967ad3b7780dae09a5351251c953d8db6f65443
                                                                                                                                                                        • Opcode Fuzzy Hash: 05887614e0bc767a11a4e176b6bfca2ae9b9d72950885c49ab4f471e5032be22
                                                                                                                                                                        • Instruction Fuzzy Hash: 28D1E423B0C1E08EE315CF7990A09FD3FA2F7563897548296DE9A63B8EC539850DCB50
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 4ac70c7ab748f141723d1f55619a708a4900ff5a298b2287073e8ba4c3cf3fd7
                                                                                                                                                                        • Instruction ID: ded87fd99bbd85f948e587b41c6f2e013ce08a319060061493e4df7992f9f696
                                                                                                                                                                        • Opcode Fuzzy Hash: 4ac70c7ab748f141723d1f55619a708a4900ff5a298b2287073e8ba4c3cf3fd7
                                                                                                                                                                        • Instruction Fuzzy Hash: 5AD18C9BC28FDA45F313533D54436A2E610AFFB5D9A60E303FDF471A62EB50B2956220
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAB3D000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: a07ab6f18259561bfeab30513e20a5cb0a150631511bcf00e3bfcac924954b0f
                                                                                                                                                                        • Instruction ID: a2e8dfaa7a1057c80e696c28e68fb4c3b2644c165d60c51e2bc00547e287d3d8
                                                                                                                                                                        • Opcode Fuzzy Hash: a07ab6f18259561bfeab30513e20a5cb0a150631511bcf00e3bfcac924954b0f
                                                                                                                                                                        • Instruction Fuzzy Hash: E1D16C72B157488FDB94CFA9B881A9977E5F75C788B101129FE4D93B18EB38E450CB40
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 9cc3889d782c79d9e543db25d085ac0869dd65f29ec2f818788b96b0f612c187
                                                                                                                                                                        • Instruction ID: 26067a9693c08b7a1b87bcd372b14de97302043f5228fd43b615edf297c9aaa9
                                                                                                                                                                        • Opcode Fuzzy Hash: 9cc3889d782c79d9e543db25d085ac0869dd65f29ec2f818788b96b0f612c187
                                                                                                                                                                        • Instruction Fuzzy Hash: 62D13C7AB0964685FB998F279060B7E72D5AF44F94F188075DE7D872C8DF38E882C610
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: ce08ce7c573c959832e82406a1388de925696ea788e23b2bd1abcf4d74806b4b
                                                                                                                                                                        • Instruction ID: ea107127765e00a72bd583c4420ba2cb93dae9aaeb767acea8364ffa29b53c81
                                                                                                                                                                        • Opcode Fuzzy Hash: ce08ce7c573c959832e82406a1388de925696ea788e23b2bd1abcf4d74806b4b
                                                                                                                                                                        • Instruction Fuzzy Hash: A9C1DC2361C5D08EE325CF3D581056EBFE0F395789B49C266EAD99778AC93CC605CB60
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 6a70e13ef3b91c95bb774ee8859c960c5bcb5a8d07da860ee05cdc35c86286c8
                                                                                                                                                                        • Instruction ID: e6e4f099b16a0f7f866d2ced2118c6f047303c8b0113b4edcd594eb744235fa3
                                                                                                                                                                        • Opcode Fuzzy Hash: 6a70e13ef3b91c95bb774ee8859c960c5bcb5a8d07da860ee05cdc35c86286c8
                                                                                                                                                                        • Instruction Fuzzy Hash: 3DC1CB2361C5D08ED325CF3D581056EBFE0F395749B49C266EAD99B78AC93CC605CB60
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: fe0b305a810c3dd714dee24831cf5fc5cc81c13efff43961c7af98f988b3d733
                                                                                                                                                                        • Instruction ID: c0fe90e7d869f508cd1a942ff38b4279f7df8c61970cc143a869093804ce8786
                                                                                                                                                                        • Opcode Fuzzy Hash: fe0b305a810c3dd714dee24831cf5fc5cc81c13efff43961c7af98f988b3d733
                                                                                                                                                                        • Instruction Fuzzy Hash: 03C1DA2361C6D08ED3258F3D581056EBFE0F395789B49C266EAD9DB78AC93CC605CB60
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 362c51a3f55d89ac045ac24c520604487287d39d6e2e2aded9eb9b8f2a5d527a
                                                                                                                                                                        • Instruction ID: 034be43c3f61dd544a1bc4db6ec8c7d7b4241a6369d31b2d004ae417cffc89f3
                                                                                                                                                                        • Opcode Fuzzy Hash: 362c51a3f55d89ac045ac24c520604487287d39d6e2e2aded9eb9b8f2a5d527a
                                                                                                                                                                        • Instruction Fuzzy Hash: E8D1EB2361C1D08ED325CF3D581056EBFE0F395788B49C266EAD99779AC93CC606CB60
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 5b95e5e77d96c19dc5ce115033c0fd58265ed22e8ea848b81b2ee8901b299b68
                                                                                                                                                                        • Instruction ID: edc708cfe5e9e920e9af0de99676b266448faf8cd3ec98ece4c0565201099b3f
                                                                                                                                                                        • Opcode Fuzzy Hash: 5b95e5e77d96c19dc5ce115033c0fd58265ed22e8ea848b81b2ee8901b299b68
                                                                                                                                                                        • Instruction Fuzzy Hash: 49F1FC16D1CFC583E6254B3996017BA7720FBBA348F01E716EFDD219A5DB28F2E59200
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: a890de17be83d001fcb758339d8193a180c65fdcf0563b7d04b8630fdc579976
                                                                                                                                                                        • Instruction ID: 6ca5b99aaa8a7a90f3cc99fa547a5fa018b2f073028681cb38d828068f06201f
                                                                                                                                                                        • Opcode Fuzzy Hash: a890de17be83d001fcb758339d8193a180c65fdcf0563b7d04b8630fdc579976
                                                                                                                                                                        • Instruction Fuzzy Hash: B0C1C72360C2D08EE315CF3E58105AEBFE1F396785F49816AEAD99B78AC53CD605C760
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 27e62f737758dae337447b602359adbf09852cdc41acd6917bbaa959044eb385
                                                                                                                                                                        • Instruction ID: 58eecaaa6140750a123e6eaa5e8125f8ab4751858a5eb0bf44cf79961e32f291
                                                                                                                                                                        • Opcode Fuzzy Hash: 27e62f737758dae337447b602359adbf09852cdc41acd6917bbaa959044eb385
                                                                                                                                                                        • Instruction Fuzzy Hash: D1B1A42361C1E08BE3198F3D581056DBFE1E3C6785B48826AFBD587B9AC53CD615CB60
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: ccc2bbd3da922a6cfbb63aa8388989369f02ee8ac7ec75532c65717351cc38c8
                                                                                                                                                                        • Instruction ID: 71747d00f516b7494e97d5c582f7e6e4e9c362c823a6fb6f9ebea77ddb27286c
                                                                                                                                                                        • Opcode Fuzzy Hash: ccc2bbd3da922a6cfbb63aa8388989369f02ee8ac7ec75532c65717351cc38c8
                                                                                                                                                                        • Instruction Fuzzy Hash: C4B1E72360C1E08EE325CF3D581456EBFE0F395789B49C16AEAD99B78AC53CD605CB60
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAB3D000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 8177bd9618e0cec05dd59f69a05c4f7dc10c6440cb20bc0738baf0f23956fc9d
                                                                                                                                                                        • Instruction ID: a1d35980e87cbc292c6d8743d24617e4e0be7e37695a6824a84e3944153ffb72
                                                                                                                                                                        • Opcode Fuzzy Hash: 8177bd9618e0cec05dd59f69a05c4f7dc10c6440cb20bc0738baf0f23956fc9d
                                                                                                                                                                        • Instruction Fuzzy Hash: 41E13E73E247918AE755CF78E4405DD77B0F788748F10A219EF9AA3A09EB38E655CB00
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAB3D000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 161828ea132f36b4e1cddbfcf72eb70efdb21485d1ddb4dd7562e77e6ae49246
                                                                                                                                                                        • Instruction ID: a8cd4e6e7fc1cbb6a1b415fbdcdcbfb389bbab0e2929d0e0962c54956006a690
                                                                                                                                                                        • Opcode Fuzzy Hash: 161828ea132f36b4e1cddbfcf72eb70efdb21485d1ddb4dd7562e77e6ae49246
                                                                                                                                                                        • Instruction Fuzzy Hash: 15C10863719BD686DB10CB68E8516EC7BB0F785388F405262EAEC17A99DF3CC609C750
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 7565459d3e1c1f22596448eb96ac7d59455b646c121016a3576d8c2f9717a4ad
                                                                                                                                                                        • Instruction ID: c93623d93ea14813de381329f19141c7fae8eb1fcceb0701e9160b121ca67aa4
                                                                                                                                                                        • Opcode Fuzzy Hash: 7565459d3e1c1f22596448eb96ac7d59455b646c121016a3576d8c2f9717a4ad
                                                                                                                                                                        • Instruction Fuzzy Hash: 9AA114733284B14BD358CB3D986197D3FE0E34A345B84826AE6FAC76D5CA2DD102DB60
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 2c58c16c67685a1dd4f5efaf869e70213c6cd1f1574c49cdc9d546bd8485df39
                                                                                                                                                                        • Instruction ID: c4a2abfec0f224dabe1a15b56297a318b98e9b6835105301aa8cdc3dc5ff5ea6
                                                                                                                                                                        • Opcode Fuzzy Hash: 2c58c16c67685a1dd4f5efaf869e70213c6cd1f1574c49cdc9d546bd8485df39
                                                                                                                                                                        • Instruction Fuzzy Hash: 78816C21B5C6C157EF25492CECC85A8B202EB553B67988376DEFA173CDC46CD409C3A9
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAAD000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: c22f4c2f8a87cdd9f0ed309bebd387621a261441b6d8ac56699f3d37615408d9
                                                                                                                                                                        • Instruction ID: aceeacaf4eec8d7125a9944c835fd28587914a0899704d22a3649487d8433507
                                                                                                                                                                        • Opcode Fuzzy Hash: c22f4c2f8a87cdd9f0ed309bebd387621a261441b6d8ac56699f3d37615408d9
                                                                                                                                                                        • Instruction Fuzzy Hash: 17B16922D1DB8246F70F3A3544636A4A2305FA2294F50CB73FDBD719EBDF29B6895110
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 79f4814f67f255b74c1f4b6e4feda20f529e9aca074f6cd34a0ff66a5a62cbfc
                                                                                                                                                                        • Instruction ID: ec198e921edde6579148bd4de4df0973a63d3a53678f657d771d6831b56759f1
                                                                                                                                                                        • Opcode Fuzzy Hash: 79f4814f67f255b74c1f4b6e4feda20f529e9aca074f6cd34a0ff66a5a62cbfc
                                                                                                                                                                        • Instruction Fuzzy Hash: 99813963A0C1E449E3398B7C981067EFFD0F385781F488266DBE9C7686DA2CD129D760
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 7e40b39b3bd9499e3926c3a4bffdd5d0a505ff9723240a16d2e82412089b0ecc
                                                                                                                                                                        • Instruction ID: eeaf0baacfa65376ec51ca1e67c452d3c7407d264e251d82af3b248c1aa35a58
                                                                                                                                                                        • Opcode Fuzzy Hash: 7e40b39b3bd9499e3926c3a4bffdd5d0a505ff9723240a16d2e82412089b0ecc
                                                                                                                                                                        • Instruction Fuzzy Hash: 2B81B3737342A047B36DCF2AA925E1ABB92E7D5781B92F028DF1A57F45C97CC9018B00
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAB3D000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 460b0f4e791674332b2adbce976b3d5cd249c1c5dd72393c4ef6c54103ffa2da
                                                                                                                                                                        • Instruction ID: 6ee6af121905cdbdb7ebb43654c295865b9ca271bd102cadaaadc0ab281f84de
                                                                                                                                                                        • Opcode Fuzzy Hash: 460b0f4e791674332b2adbce976b3d5cd249c1c5dd72393c4ef6c54103ffa2da
                                                                                                                                                                        • Instruction Fuzzy Hash: F3815FF7F122488FDB94CF4AD888A19BBE6F75C7D47109029EA0D87755E638E990CB40
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAB05000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: d3f1eabcfadb4821f448e016ea46659a27905afe1450c1c6435b865bfba55d3c
                                                                                                                                                                        • Instruction ID: a554b2ac082d35495140170c379944d3bdf6c84e7b7e4ef89ce628d2cf59cd7a
                                                                                                                                                                        • Opcode Fuzzy Hash: d3f1eabcfadb4821f448e016ea46659a27905afe1450c1c6435b865bfba55d3c
                                                                                                                                                                        • Instruction Fuzzy Hash: F0713972710E6486E610DFA2A76099FB3A0F709784B8AF02ADF5D57A00CF38E531E204
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAB3D000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: d8fe7171f63d2047d9c62e5803d7c37ea8d54f7fac5b1bf867863a77c533f711
                                                                                                                                                                        • Instruction ID: a2cf7f1949e12b109be1e2b3924cf0505cf942e539fe5dc904baa8648d9b18ac
                                                                                                                                                                        • Opcode Fuzzy Hash: d8fe7171f63d2047d9c62e5803d7c37ea8d54f7fac5b1bf867863a77c533f711
                                                                                                                                                                        • Instruction Fuzzy Hash: F461F373728A8986D718CF09E8516BAB394F785780F849229EE4E87B88CF3DD155CB00
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 3657c22d657d82545d51f264321db67b52188f81d3a5a75bcf40b78b309aa663
                                                                                                                                                                        • Instruction ID: 99b39f71ef83100a2ff8d9ca8b877f11b539d74588299db47768d89d02295a09
                                                                                                                                                                        • Opcode Fuzzy Hash: 3657c22d657d82545d51f264321db67b52188f81d3a5a75bcf40b78b309aa663
                                                                                                                                                                        • Instruction Fuzzy Hash: 92A11716E18FC592E2264F399502AFAB720FFA5348F04A312EFD922555DF39E296D700
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAB3D000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: b3f0b026ceecc755196254419a2848c0d52d1bd8592fb85b9ebfe20176f2fdec
                                                                                                                                                                        • Instruction ID: 86232f6b99a95d9d883457f2e0231d4c7a863bc969485018d684053923846106
                                                                                                                                                                        • Opcode Fuzzy Hash: b3f0b026ceecc755196254419a2848c0d52d1bd8592fb85b9ebfe20176f2fdec
                                                                                                                                                                        • Instruction Fuzzy Hash: 7C61D6936252D44FC3458F5C5C0864E3FA8E33529074E4399EAD0E3783D538EB56C395
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAAD000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 7abf04df097b58dc43d448dae1bea91e9e2838f1560663f91aa421f345a576dc
                                                                                                                                                                        • Instruction ID: b6ec8c0b12e48edf617b13d67031b5c9b57d50ce9050f71a431deeb6cb85752d
                                                                                                                                                                        • Opcode Fuzzy Hash: 7abf04df097b58dc43d448dae1bea91e9e2838f1560663f91aa421f345a576dc
                                                                                                                                                                        • Instruction Fuzzy Hash: B68163731251309FD399EF3AC5A4AAB33E2F388315F43D61AEF4217A89D63069059B94
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAAD000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: ce8632f9f139cc3efc9ec3a1f564e0de36c16f64674d7716defb8e5bb9a0a39c
                                                                                                                                                                        • Instruction ID: 01705fbdbd8d748e71a9e56f34212b9fb5b24055c33c271b7d451bd6130b4fbd
                                                                                                                                                                        • Opcode Fuzzy Hash: ce8632f9f139cc3efc9ec3a1f564e0de36c16f64674d7716defb8e5bb9a0a39c
                                                                                                                                                                        • Instruction Fuzzy Hash: FB8174331251309FD399EF3AC5A4EAB33D6F388315F43D61AEF4217A89D630A9059B94
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 2a673e9c318c80664d27a4e96135dd0378f1b33b10d45d9c4861db18491c323c
                                                                                                                                                                        • Instruction ID: fc0dc3931555922423d3448c75b8fc5040cb4bcea8213b2b27d49ce7978b87ec
                                                                                                                                                                        • Opcode Fuzzy Hash: 2a673e9c318c80664d27a4e96135dd0378f1b33b10d45d9c4861db18491c323c
                                                                                                                                                                        • Instruction Fuzzy Hash: 686119E6F50F9883EB548B9EA402B886760F719FC5F555116DE2C67301EA3DE9A3C340
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 5d76a38581f68d09caf72309198d4b5009230d7334d63c8824f1aa152769df62
                                                                                                                                                                        • Instruction ID: 85992922b99869014f4eff8eccdf3356bf7323ce4a368d3d95508e504e3e1503
                                                                                                                                                                        • Opcode Fuzzy Hash: 5d76a38581f68d09caf72309198d4b5009230d7334d63c8824f1aa152769df62
                                                                                                                                                                        • Instruction Fuzzy Hash: 22712467B0CBD081EB158B29E4645BE7BA0E78AB84F558071EFAD07B89DE3CD195C700
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAAD000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 03282caaa59ae584afb1fdd952aba01ea79758bb020cc3ce56a3aa0079c67ab1
                                                                                                                                                                        • Instruction ID: 8b3ae0e7974b5e92bf7573c3dc83c9bcacd0631a65351bdad4203b6ff97ac760
                                                                                                                                                                        • Opcode Fuzzy Hash: 03282caaa59ae584afb1fdd952aba01ea79758bb020cc3ce56a3aa0079c67ab1
                                                                                                                                                                        • Instruction Fuzzy Hash: B051C961B20A9486ED41DF35B95928BE351EB857D4F2CA621CF953BB0DCF38E406E700
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: a519008620bcacfaeb8f593aa0cea9cc14275d2eaec8c00c3863f3990a319042
                                                                                                                                                                        • Instruction ID: 6f0f01e56198a3960c0a452a6979e47b4e6d43abb1d39b180a5d0f24efa5626c
                                                                                                                                                                        • Opcode Fuzzy Hash: a519008620bcacfaeb8f593aa0cea9cc14275d2eaec8c00c3863f3990a319042
                                                                                                                                                                        • Instruction Fuzzy Hash: 4D913312E18FC592E7264B2D95026FAB720FFA5388F04A311EFD912665DF39E696C700
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 6e996fe2cc516c9ab083854352fedda4aea82bc9f2aef65b8ec3ebd6a6286bee
                                                                                                                                                                        • Instruction ID: 1164eb4da445252bbdfe5d38ee0940a3fa513a0105ef1e37dc62e38bf9c1d1d4
                                                                                                                                                                        • Opcode Fuzzy Hash: 6e996fe2cc516c9ab083854352fedda4aea82bc9f2aef65b8ec3ebd6a6286bee
                                                                                                                                                                        • Instruction Fuzzy Hash: AF717923B10BA289FB11CFB8D8545EC37B0FB59788B545626DE9D22B89EF34C559C300
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: c11e39c713196dabc3c0658c47b57e4a7c782c2e0f7de0809d8d2a43aa4e3805
                                                                                                                                                                        • Instruction ID: bf1acd2fa181f4c273921a9a098ffe5100dbff3a51988b32bd2041b17a7575e4
                                                                                                                                                                        • Opcode Fuzzy Hash: c11e39c713196dabc3c0658c47b57e4a7c782c2e0f7de0809d8d2a43aa4e3805
                                                                                                                                                                        • Instruction Fuzzy Hash: C261892360E2E04AD32987295865A7D7FA4F396341F46C16AEFF5C3B86D92CC109DB21
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 461379863cf9d15cd0dc00e8c09273370a335ca85961ed77b4b926f1e1469c99
                                                                                                                                                                        • Instruction ID: 5b7eaef74777ad9476622c5d5c43957e9d9ad09cd5648c1d11bb96e17a018f86
                                                                                                                                                                        • Opcode Fuzzy Hash: 461379863cf9d15cd0dc00e8c09273370a335ca85961ed77b4b926f1e1469c99
                                                                                                                                                                        • Instruction Fuzzy Hash: 6051981360E2E08BD31DCB3D586547D7FE4E396341B4A826AEBF583A86C91CC505DF20
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 903803bdf3e4223b36ae970d97dbd80649d4c317271844b74a0748cbcf42c85f
                                                                                                                                                                        • Instruction ID: 82ede42d70e35360092a7f9e64d314fc5a92bc6eac3a1c4edd9988a8e94f64f1
                                                                                                                                                                        • Opcode Fuzzy Hash: 903803bdf3e4223b36ae970d97dbd80649d4c317271844b74a0748cbcf42c85f
                                                                                                                                                                        • Instruction Fuzzy Hash: 4D51A31360E2E08AD31DCA3D586487D7FE4D296341B0A926AEBF683B96C91CC505DB60
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 5576b53a55b6a16d035483c57be646310a6da15e82da9b3f3581a8cc63de7624
                                                                                                                                                                        • Instruction ID: 33395908bdc84fd71105cf50c253541a64dde041e523b50ba4deac865c939eda
                                                                                                                                                                        • Opcode Fuzzy Hash: 5576b53a55b6a16d035483c57be646310a6da15e82da9b3f3581a8cc63de7624
                                                                                                                                                                        • Instruction Fuzzy Hash: 5851A32361E2E08BD31DCA3D586487D7FE4D392241B4A927EEBF587786C92CC505DB60
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 98c5f2bf02dd495cbf6e201563b4dd346741a85430376688e6ac2595f40065e4
                                                                                                                                                                        • Instruction ID: f5a53cda2450f96c94dfbff6eca6eacf4d6fe2bc65f5edc4adc21a80a31b201a
                                                                                                                                                                        • Opcode Fuzzy Hash: 98c5f2bf02dd495cbf6e201563b4dd346741a85430376688e6ac2595f40065e4
                                                                                                                                                                        • Instruction Fuzzy Hash: 3051932361E2E08BD31DCA3D586487D7FE4D396240B4A827EEBF583786C92CC509DB61
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: f3d2ae0fb2ae41ea0100e537ef6f97cfc73e435d6e71bb5b2ac385d2960ed7af
                                                                                                                                                                        • Instruction ID: 415554da0387633b7313cf77fb605cafcd2f50cb280e90337340c250246d1c4b
                                                                                                                                                                        • Opcode Fuzzy Hash: f3d2ae0fb2ae41ea0100e537ef6f97cfc73e435d6e71bb5b2ac385d2960ed7af
                                                                                                                                                                        • Instruction Fuzzy Hash: F151812361E2E08BD31DCA3D586487D7FE4D392340B4A92AAEBF583787C92CC505DB60
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 8d1ef424232b176ee8407845387620f614d821929b75d77cfcae84685c004c19
                                                                                                                                                                        • Instruction ID: 1ae14d992102d01e6fcb8b4e003ab7c6689e5f54a798f01bcd03016ec295152f
                                                                                                                                                                        • Opcode Fuzzy Hash: 8d1ef424232b176ee8407845387620f614d821929b75d77cfcae84685c004c19
                                                                                                                                                                        • Instruction Fuzzy Hash: 3251F71361D6D48AD321CB6D684095EBFB4E3E7380F49816AFFD887B8AC92CD515CB60
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: da9b93f8e8c2708fe92dac5bd56709be68f878fa41d2f0a959a3d98330d83e20
                                                                                                                                                                        • Instruction ID: cdd307b51e3aaa5ff6022dbf3ce7e1f68baf08583a3c26d5e896ee101165e636
                                                                                                                                                                        • Opcode Fuzzy Hash: da9b93f8e8c2708fe92dac5bd56709be68f878fa41d2f0a959a3d98330d83e20
                                                                                                                                                                        • Instruction Fuzzy Hash: F651DBF3B62B9485D7918FA9E444BC837A8F329F95F215125EB4C6B351DB328A62C301
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAB3D000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 720de07fca5af9850bdfbebacd101da6a708df0e93d31f6781f0f6b7cb206d1e
                                                                                                                                                                        • Instruction ID: 927aa8b8e8763f18bcd13fb19bbf7d9485e2421b259ad963d0d11c245a544550
                                                                                                                                                                        • Opcode Fuzzy Hash: 720de07fca5af9850bdfbebacd101da6a708df0e93d31f6781f0f6b7cb206d1e
                                                                                                                                                                        • Instruction Fuzzy Hash: 84511A73B146948BE770CF2CD445AAAB3A0FB59784F51A225EB8D47E16DB39E181CB00
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: e7b429bc3c5dc52eba19228ed4ed037c7ba74b3883854889dc996976c0b582ef
                                                                                                                                                                        • Instruction ID: 6336179594395d30d0e144f783a03129c9061685fe579785bd15d92b82c04dc6
                                                                                                                                                                        • Opcode Fuzzy Hash: e7b429bc3c5dc52eba19228ed4ed037c7ba74b3883854889dc996976c0b582ef
                                                                                                                                                                        • Instruction Fuzzy Hash: D45145677097E183EB48CB78657496E2B51F395380F85C478CF8E5BB8ACA38D912C700
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 3fe2bddeaab777d9ccc5ba678a69a2e4d0addb5fb7177fd537703ecc17820515
                                                                                                                                                                        • Instruction ID: bd826f873ae86d74df43e9e17e2745587a8521728963d32d8406f1a848718f00
                                                                                                                                                                        • Opcode Fuzzy Hash: 3fe2bddeaab777d9ccc5ba678a69a2e4d0addb5fb7177fd537703ecc17820515
                                                                                                                                                                        • Instruction Fuzzy Hash: 7A512D13B1E2E08EF306CBBD4C108AD3FB4A76638474981A9EED4A7787C538C615C7A1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 84c1fcf324d5e04f6f6b71c3e45ea2e62efe35192ccc39626a7f0f18a22d070c
                                                                                                                                                                        • Instruction ID: 41381e9b7b0cb19edd26cf74bdc953dac2907e024d8692b4ec95edd11be0cf74
                                                                                                                                                                        • Opcode Fuzzy Hash: 84c1fcf324d5e04f6f6b71c3e45ea2e62efe35192ccc39626a7f0f18a22d070c
                                                                                                                                                                        • Instruction Fuzzy Hash: F751FB13B1E2E08EF306CBBD4C109AD3FB4A7663887498169DED4A7747C538D615C7A1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: ecacd768df3258682bf6c6f5d5a2bf8a88b370bc77fe60cc97f9a9d8e42927d9
                                                                                                                                                                        • Instruction ID: 1298961e0b7b4535aa8b82f946d0641415e8302398ea29a464076544852c8b97
                                                                                                                                                                        • Opcode Fuzzy Hash: ecacd768df3258682bf6c6f5d5a2bf8a88b370bc77fe60cc97f9a9d8e42927d9
                                                                                                                                                                        • Instruction Fuzzy Hash: 75511C13B1E2E48EF305CBBD4C108AD3FB4A76634474A8169EED897787C938D615C3A1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 952c9eaf195a9ef5a18a027aae4236090fe2b1d5ac3522b351654d9b80199602
                                                                                                                                                                        • Instruction ID: fe2dd4ed35813d069a6336223658cfd082bce97eab6b4d66c44f9806d8e490ea
                                                                                                                                                                        • Opcode Fuzzy Hash: 952c9eaf195a9ef5a18a027aae4236090fe2b1d5ac3522b351654d9b80199602
                                                                                                                                                                        • Instruction Fuzzy Hash: BA511C17B1E2E48EF306CBBD4C008AD3FB4A7663447498169EED4A7747C538C615C7A1
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        • Associated: 00000001.00000002.1918310238.00007FFDFADE7000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 3b7520ecd34a5f98c0d4df2dd33c16ee396c24eb9d19151283d5ae67f4b90e27
                                                                                                                                                                        • Instruction ID: 7ee8cf5fb8ba4cfec323c2a06dc6288ca79d4738e87d23266121ca48a4530f9a
                                                                                                                                                                        • Opcode Fuzzy Hash: 3b7520ecd34a5f98c0d4df2dd33c16ee396c24eb9d19151283d5ae67f4b90e27
                                                                                                                                                                        • Instruction Fuzzy Hash: 2051EA13B1E2E48DF306CBBD4C109AD3FB4A76634474A91A9EED897747C538D615C3A0
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAB3D000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: dc212c888b553e55b04c6f47be32d5d674f3bd31990d748fc3adc2244303a04a
                                                                                                                                                                        • Instruction ID: ba2ac6894d74f51dbc1d211eeaed28eff402abef5b46bdf4b40d30b00f130db3
                                                                                                                                                                        • Opcode Fuzzy Hash: dc212c888b553e55b04c6f47be32d5d674f3bd31990d748fc3adc2244303a04a
                                                                                                                                                                        • Instruction Fuzzy Hash: 7A41EE837163CC8F8E158B6E004158D6F61E236F85368E05ACA8C5B363D53EE75BD362
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAB3D000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 119be9f4298c1c49e9878a0f19aeec92f5bf66c85eedddf3c7e4808b9ae99f76
                                                                                                                                                                        • Instruction ID: 8588810f4a41205c22de072c50b9efbc1da64dc9e06d7875331cf4ee782cc036
                                                                                                                                                                        • Opcode Fuzzy Hash: 119be9f4298c1c49e9878a0f19aeec92f5bf66c85eedddf3c7e4808b9ae99f76
                                                                                                                                                                        • Instruction Fuzzy Hash: B0415E73601B9886D680DFA5B855F9A72B8F369B80F659129EE8C57700EF35C0A6C340
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAB3D000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: a2c02205b39493cf62bbc7d8e78f2a05d3fd49df28b2545b728861bff9a15a74
                                                                                                                                                                        • Instruction ID: 7797ab7b7ffa328e43049e76bb0689204aed0d9caf33b9b1f4285935392d8140
                                                                                                                                                                        • Opcode Fuzzy Hash: a2c02205b39493cf62bbc7d8e78f2a05d3fd49df28b2545b728861bff9a15a74
                                                                                                                                                                        • Instruction Fuzzy Hash: 7C4162061491F10ACA5A863A25E04FC7F96C2B37D2328D08A6AE943F83C11ED15FFB21
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        • Associated: 00000001.00000002.1918310238.00007FFDFADE3000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                        • Associated: 00000001.00000002.1918310238.00007FFDFADE7000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: b4a9fb93aeffd8a9e016f8861177fa6345238ca5ca846a4b62d3c9ca57fab3a7
                                                                                                                                                                        • Instruction ID: 073d3c1678a60229c64c0c0903f5875a5ddb2b632c913df1115d0dc3e5558a66
                                                                                                                                                                        • Opcode Fuzzy Hash: b4a9fb93aeffd8a9e016f8861177fa6345238ca5ca846a4b62d3c9ca57fab3a7
                                                                                                                                                                        • Instruction Fuzzy Hash: 0941E1B3B11A9486DB08CF91E958BAAB795FB49BD0F46D035EE1D4B748DA3CC4468700
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 20c8d0589bec831213212e3f7cbf7ef1e433c42a2f360bed5577cb369c259f78
                                                                                                                                                                        • Instruction ID: 8a62c2476eef5538acd55cbf50c79cd55bdb10ffc36237718f3b8433e86f555e
                                                                                                                                                                        • Opcode Fuzzy Hash: 20c8d0589bec831213212e3f7cbf7ef1e433c42a2f360bed5577cb369c259f78
                                                                                                                                                                        • Instruction Fuzzy Hash: 5B415B21B1DA9181F758862698B5FBE6684AB66BD0F401176ED7E466CBCE2C90078700
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: d6dd90a89ce78f8d45f28a40d9e8fe1b6b765d4ba78be16380ef703e1f29ca77
                                                                                                                                                                        • Instruction ID: 03cad82934bb63a5aa47784850c4507ea32bf9b3c29d21f4cdae4f4fa1ffa426
                                                                                                                                                                        • Opcode Fuzzy Hash: d6dd90a89ce78f8d45f28a40d9e8fe1b6b765d4ba78be16380ef703e1f29ca77
                                                                                                                                                                        • Instruction Fuzzy Hash: 3151C173B242A09BD3968B1A9668D7C3BB0F349746F804126EB9487385CB3DB531DF50
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAB3D000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: b74434e6aa90bdce6413021d468f3d842a0f8ac57f3fed7a6fcf81888fbc3070
                                                                                                                                                                        • Instruction ID: e70e497514102b011e45e5c89234a4610a5fe54e502217bcec57300eb83186a8
                                                                                                                                                                        • Opcode Fuzzy Hash: b74434e6aa90bdce6413021d468f3d842a0f8ac57f3fed7a6fcf81888fbc3070
                                                                                                                                                                        • Instruction Fuzzy Hash: BE5150739146548B834DCB74E5ABE2A77B9F75C708346411ED30B8B690EB36A8A0CF48
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 14efd8d30a8620383b0e79dd59ab1c5b7501d8afd74394381d985a99d6e04e27
                                                                                                                                                                        • Instruction ID: 0fc66d76d36cb02aad6f32d3b1a477d63cd090056fc48dd5e4c0b9e1cefa78f9
                                                                                                                                                                        • Opcode Fuzzy Hash: 14efd8d30a8620383b0e79dd59ab1c5b7501d8afd74394381d985a99d6e04e27
                                                                                                                                                                        • Instruction Fuzzy Hash: E151A7336097C189C31ACF39E41406EBFF0EB19F98F598056DBD94A64BD939D645D700
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 3a1182903bee9b7a27cb63d3a20abcca90ffd1180783f80a8cd9b9aedfbdbf3c
                                                                                                                                                                        • Instruction ID: c63c0c465b6d9e9080611dcda80ec7c2ef492e14e0251d5653d2fa5f804afdfa
                                                                                                                                                                        • Opcode Fuzzy Hash: 3a1182903bee9b7a27cb63d3a20abcca90ffd1180783f80a8cd9b9aedfbdbf3c
                                                                                                                                                                        • Instruction Fuzzy Hash: F641B2133193C94BEB728B69641029FAF71E716740F485476DBDA07B87CA2CE646D350
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: e4107bbf735f91f2b7c5bb607433a89c45eb3ce9f042368fa393681f19f6c0c5
                                                                                                                                                                        • Instruction ID: 4ee6e56ed786500a8b431e446598e7f038c75e99290daca2b149c86aaf042ee7
                                                                                                                                                                        • Opcode Fuzzy Hash: e4107bbf735f91f2b7c5bb607433a89c45eb3ce9f042368fa393681f19f6c0c5
                                                                                                                                                                        • Instruction Fuzzy Hash: 79413011B0D75294FF69AA664020D7962E4AF44F90F4A04B4EE3D4B7CADE3CE886D394
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 24f010ea10d87ed0f317818c8fe6d74d42e3d08d1fdfa25a44f37d4d3028d5e1
                                                                                                                                                                        • Instruction ID: 83c333eb94fd5cb194c312731ac5ffae74020201377d205781dbb55cc88d2103
                                                                                                                                                                        • Opcode Fuzzy Hash: 24f010ea10d87ed0f317818c8fe6d74d42e3d08d1fdfa25a44f37d4d3028d5e1
                                                                                                                                                                        • Instruction Fuzzy Hash: 9B31A1223384A447F39C9B3D992672B6291E748790B48E535FF9BC7B85DD3DE9028740
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • Opcode ID: fa6b3c4da8e76f20a067b5e0686a14633988b3a053e57c4eaa587954a81eacff
                                                                                                                                                                        • Instruction ID: 3b4a27bd851e5ea845da319f9b7ba0162bd90bf8759b34cfea7bc2ae82420f6b
                                                                                                                                                                        • Opcode Fuzzy Hash: fa6b3c4da8e76f20a067b5e0686a14633988b3a053e57c4eaa587954a81eacff
                                                                                                                                                                        • Instruction Fuzzy Hash: 7E418311E0CFD991E6174B3D80015A5B360FFAA388F15D723EEED32665EB26B6C69700
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAB3D000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • Opcode ID: 7fca9b6a075317aea0b53f7282f0756d0f32c20695e67cee59560f4fcd1ba869
                                                                                                                                                                        • Instruction ID: add6514476a6e93cb26baff0d623849a47b1f0714cc224844935e41cd3c7c996
                                                                                                                                                                        • Opcode Fuzzy Hash: 7fca9b6a075317aea0b53f7282f0756d0f32c20695e67cee59560f4fcd1ba869
                                                                                                                                                                        • Instruction Fuzzy Hash: 0031F9B7B215088B835CCF2CC854E1836A6E7AD7303698338AA79C77D1E632DD168B50
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • Opcode ID: 07669dcaead11e4931340cc79a8e1c7ed10ce0cfa608345c8128d0189fa1ca85
                                                                                                                                                                        • Instruction ID: c8f4ec9f4dda6ed9b4651475bf89d123d19906eb1f54466904f6e2d3890b9ed9
                                                                                                                                                                        • Opcode Fuzzy Hash: 07669dcaead11e4931340cc79a8e1c7ed10ce0cfa608345c8128d0189fa1ca85
                                                                                                                                                                        • Instruction Fuzzy Hash: 6A31052571899182F7588635A4B5BBE6385EB5ABD0F904276EA7D47BCACE2CE0078700
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAAD000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 68ac0775dc30f38a570489319f63683b92d5c31ea8843212379d79efd49bd917
                                                                                                                                                                        • Instruction ID: 33c2f3e95fde070f0ec785a6686aa310456d1fc4a4865ac34ebf8dc317802615
                                                                                                                                                                        • Opcode Fuzzy Hash: 68ac0775dc30f38a570489319f63683b92d5c31ea8843212379d79efd49bd917
                                                                                                                                                                        • Instruction Fuzzy Hash: C8311E16E0CF9E21F623567980076722B006EB71D8501C73BBD9AF05B3D7927A85B633
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 0f797b01b13762a13c40d2bc7081beb66a8ecb38cb0659edd2c917edd1d2c5fb
                                                                                                                                                                        • Instruction ID: 08f990df1561ae6bc90dc86ed906efc541ea2d8f28c5c6612534fa2427e5951f
                                                                                                                                                                        • Opcode Fuzzy Hash: 0f797b01b13762a13c40d2bc7081beb66a8ecb38cb0659edd2c917edd1d2c5fb
                                                                                                                                                                        • Instruction Fuzzy Hash: 613184A2710ADA56E6248F95A424FDBA731F3497C4F59D226EFAD2B394CA3CE511C300
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAAD000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 431b0cce88c67b035c579013af1d0ad80956c9d49ed1eaeddc619c3c6ed5a903
                                                                                                                                                                        • Instruction ID: 4b07e1b0c69968996844e0e5ec7335b60f8e6a6e94432398ecbce3a56b565d12
                                                                                                                                                                        • Opcode Fuzzy Hash: 431b0cce88c67b035c579013af1d0ad80956c9d49ed1eaeddc619c3c6ed5a903
                                                                                                                                                                        • Instruction Fuzzy Hash: 8931692AD2DFDB91F713873E6417515E614AFF3285E90E31FBAA830822FB119385A304
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAAD000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 165343b3f803d3887f29b7eefaf3dab498cc3b01aef20d0588d9697677100d96
                                                                                                                                                                        • Instruction ID: 35d341ba1490a876b21df434c50fbb7eea4a9e59ea7a0b75d096500d37b5ae8e
                                                                                                                                                                        • Opcode Fuzzy Hash: 165343b3f803d3887f29b7eefaf3dab498cc3b01aef20d0588d9697677100d96
                                                                                                                                                                        • Instruction Fuzzy Hash: 0431F825E04FBE21F62356BAC0075622A00DDB7FD8A05E71BBD98F0593DFB15E88A211
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: d0a265494cc289f792e04f4adcf76948caeccfd8dec12919cc2fa2921aa5721d
                                                                                                                                                                        • Instruction ID: 31a0c97bee28e33ee64ad6f13079c109594ba9ad7b3d05ddc9cc6128516eb7b3
                                                                                                                                                                        • Opcode Fuzzy Hash: d0a265494cc289f792e04f4adcf76948caeccfd8dec12919cc2fa2921aa5721d
                                                                                                                                                                        • Instruction Fuzzy Hash: 12312876A18F8585EB10CB26F84054AB7A4FB99790F549326FEDC63F28DB38E0508B00
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAAD000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 894b0bca0b57870562596fbc21cdd3e56a195e8c461054e93435bc2fd229c60a
                                                                                                                                                                        • Instruction ID: 2c258d4396ff5555c552c6b9334c13b848ff085d383b1a882303e63f1304aef2
                                                                                                                                                                        • Opcode Fuzzy Hash: 894b0bca0b57870562596fbc21cdd3e56a195e8c461054e93435bc2fd229c60a
                                                                                                                                                                        • Instruction Fuzzy Hash: 8B315965E19B4341F70E677C9422ABDB2006F96384F49D3B3E97C354DADF1CA58B6120
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: c56049ef55df1bed64075c7b2ee351ad48fcbcaa83dace2eab609ff0c5008b53
                                                                                                                                                                        • Instruction ID: 0a265903a336a997ef5342f184202cf4c2ea496a9fb21e4af6be5c153dd3bba5
                                                                                                                                                                        • Opcode Fuzzy Hash: c56049ef55df1bed64075c7b2ee351ad48fcbcaa83dace2eab609ff0c5008b53
                                                                                                                                                                        • Instruction Fuzzy Hash: A8010CC3B9908A037F5DD1E59C7BAB7455A835A7C8284F63AEE1BDF748E40CC2015140
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAAD000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: ebab95500577ce37b1b2c874fa715f999f4a3419e051b64e36bc7016ad53c4e1
                                                                                                                                                                        • Instruction ID: 5b199d05943c6954735baceace1f42edfb4c189dcbbced163594756b8d6a063f
                                                                                                                                                                        • Opcode Fuzzy Hash: ebab95500577ce37b1b2c874fa715f999f4a3419e051b64e36bc7016ad53c4e1
                                                                                                                                                                        • Instruction Fuzzy Hash: FA21172AD2DFDB51F713833E5407615D6009FF3285E90E72FBDA834C66E71547816218
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAAD000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: c3f98d9e5306d07fe8af27d0ff221f34ffd1b350a3616510dad9dc81ff8bcabe
                                                                                                                                                                        • Instruction ID: 9efb14940893a86cc99256c01dbbfd088b3b051810f072bb3ef76d1e19dc3bc9
                                                                                                                                                                        • Opcode Fuzzy Hash: c3f98d9e5306d07fe8af27d0ff221f34ffd1b350a3616510dad9dc81ff8bcabe
                                                                                                                                                                        • Instruction Fuzzy Hash: D9110D15D0CF9E21F663457A800796166006EB71E8900DB3BBD9AF05B3D753B9817A32
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAAD000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 4a05bc55b2066a7187323e953b078a103b482693bcdf281379c1a7783cf3f727
                                                                                                                                                                        • Instruction ID: 54ffe3e11799cf8f7a430a8c9485b5bbeea782a2f6af4b0a43ad698953ca6d16
                                                                                                                                                                        • Opcode Fuzzy Hash: 4a05bc55b2066a7187323e953b078a103b482693bcdf281379c1a7783cf3f727
                                                                                                                                                                        • Instruction Fuzzy Hash: 1B110A15D04FBE21F663457AC0079211600DEB7ED8900FB1BBD98F0693EFB159886210
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 667a397946a3a5037185f5473f8c2ac103c19c82a33308ece0f0ef67371eb0bd
                                                                                                                                                                        • Instruction ID: 980d0ed00edd57eab6b945e54f343ac28d1910c7738cb7bf57ee397ca8ba2fff
                                                                                                                                                                        • Opcode Fuzzy Hash: 667a397946a3a5037185f5473f8c2ac103c19c82a33308ece0f0ef67371eb0bd
                                                                                                                                                                        • Instruction Fuzzy Hash: 670108EAC24FAA41E313633D6843286DA109FF3988520E307FDF834E55F70575D06220
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: ef918091fb096f7f3b15b52f56d1f20409e7fcd6a29bffb6e9c2c8edbbbe5802
                                                                                                                                                                        • Instruction ID: 17f711a20758e46e16a57336a47f534cab34bf9eacaa88ae8f34bd910ba0ee14
                                                                                                                                                                        • Opcode Fuzzy Hash: ef918091fb096f7f3b15b52f56d1f20409e7fcd6a29bffb6e9c2c8edbbbe5802
                                                                                                                                                                        • Instruction Fuzzy Hash: 5BF0E9327283E145C759CE366418F692DD19791BC8F52C030D90CC3F89F92ED5018B40
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFDFAC54D03,?,?,?,?,?,?,?,?,00007FFDFAC52D3B), ref: 00007FFDFAC54111
                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFDFAC54D03,?,?,?,?,?,?,?,?,00007FFDFAC52D3B), ref: 00007FFDFAC54128
                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFDFAC54D03,?,?,?,?,?,?,?,?,00007FFDFAC52D3B), ref: 00007FFDFAC5413F
                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFDFAC54D03,?,?,?,?,?,?,?,?,00007FFDFAC52D3B), ref: 00007FFDFAC54172
                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFDFAC54D03,?,?,?,?,?,?,?,?,00007FFDFAC52D3B), ref: 00007FFDFAC541BB
                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFDFAC54D03,?,?,?,?,?,?,?,?,00007FFDFAC52D3B), ref: 00007FFDFAC541EF
                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFDFAC54D03,?,?,?,?,?,?,?,?,00007FFDFAC52D3B), ref: 00007FFDFAC54241
                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFDFAC54D03,?,?,?,?,?,?,?,?,00007FFDFAC52D3B), ref: 00007FFDFAC54254
                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFDFAC54D03,?,?,?,?,?,?,?,?,00007FFDFAC52D3B), ref: 00007FFDFAC5426B
                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFDFAC54D03,?,?,?,?,?,?,?,?,00007FFDFAC52D3B), ref: 00007FFDFAC5427E
                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFDFAC54D03,?,?,?,?,?,?,?,?,00007FFDFAC52D3B), ref: 00007FFDFAC54295
                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFDFAC54D03,?,?,?,?,?,?,?,?,00007FFDFAC52D3B), ref: 00007FFDFAC542A8
                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFDFAC54D03,?,?,?,?,?,?,?,?,00007FFDFAC52D3B), ref: 00007FFDFAC542BF
                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFDFAC54D03,?,?,?,?,?,?,?,?,00007FFDFAC52D3B), ref: 00007FFDFAC542D2
                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFDFAC54D03,?,?,?,?,?,?,?,?,00007FFDFAC52D3B), ref: 00007FFDFAC542E5
                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFDFAC54D03,?,?,?,?,?,?,?,?,00007FFDFAC52D3B), ref: 00007FFDFAC542F8
                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFDFAC54D03,?,?,?,?,?,?,?,?,00007FFDFAC52D3B), ref: 00007FFDFAC5430B
                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFDFAC54D03,?,?,?,?,?,?,?,?,00007FFDFAC52D3B), ref: 00007FFDFAC54357
                                                                                                                                                                        • strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00007FFDFAC54D03,?,?,?,?,?,?,?,?,00007FFDFAC52D3B), ref: 00007FFDFAC54382
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAB3D000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: strcmp
                                                                                                                                                                        • String ID: ANY PRIVATE KEY$CERTIFICATE$CERTIFICATE REQUEST$CMS$DH PARAMETERS$ENCRYPTED PRIVATE KEY$NEW CERTIFICATE REQUEST$PARAMETERS$PKCS #7 SIGNED DATA$PKCS7$PRIVATE KEY$TRUSTED CERTIFICATE$X509 CERTIFICATE$X9.42 DH PARAMETERS
                                                                                                                                                                        • API String ID: 1004003707-1119032718
                                                                                                                                                                        • Opcode ID: 88557610c1077b526ed49270ffd766f7b77ef80781f962a522a209ea931fc564
                                                                                                                                                                        • Instruction ID: a314a700d6e2b9e7a829b9b0a92ad0d58692eca6e98338d95473efa2ddc25997
                                                                                                                                                                        • Opcode Fuzzy Hash: 88557610c1077b526ed49270ffd766f7b77ef80781f962a522a209ea931fc564
                                                                                                                                                                        • Instruction Fuzzy Hash: 3F91EF19F1C64388FB5C5B299A70A7C26A3DF55BD4F4450B0E9BE872DEEE5CE4458200
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: strspn$strncmp
                                                                                                                                                                        • String ID: $ $ ,$..\s\crypto\pem\pem_lib.c$DEK-Info:$ENCRYPTED$Proc-Type:
                                                                                                                                                                        • API String ID: 1384302209-3505811795
                                                                                                                                                                        • Opcode ID: 7985cfdb996600f2f998fb0a24256cf60aa534b4d69326ebc210f6f3ee5533b5
                                                                                                                                                                        • Instruction ID: ebdff03a88d3382804dfbfa5279c852da2705800d6bc4225c1e4e6f0df62a11d
                                                                                                                                                                        • Opcode Fuzzy Hash: 7985cfdb996600f2f998fb0a24256cf60aa534b4d69326ebc210f6f3ee5533b5
                                                                                                                                                                        • Instruction Fuzzy Hash: 5591B161B1C6439AEB188B25D87497D37A1EF00784F8040B4EA6E477D9EF7CE94AD740
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Event$FileSource$ByteCharDeregisterHandleMultiRegisterReportTypeWideWrite__stdio_common_vsprintf__stdio_common_vswprintf
                                                                                                                                                                        • String ID: $OpenSSL$OpenSSL: FATAL$no stack?
                                                                                                                                                                        • API String ID: 2603057392-2963566556
                                                                                                                                                                        • Opcode ID: f345fe9751aee154af01c3e1e6d1fa697fd8000db767964d7236d7de487c6ed0
                                                                                                                                                                        • Instruction ID: 2a4ea35b70ec2a45d40e768a4e2b1d216babcbf68c72722607e1d5107034bbc7
                                                                                                                                                                        • Opcode Fuzzy Hash: f345fe9751aee154af01c3e1e6d1fa697fd8000db767964d7236d7de487c6ed0
                                                                                                                                                                        • Instruction Fuzzy Hash: 1591E532B08B8285EB249F24D860AB93760FF45B94F844675EA6D0BBD9EF3CD655C300
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: strcmp$strncmp
                                                                                                                                                                        • String ID: ..\s\crypto\asn1\asn_mime.c$application/pkcs7-mime$application/pkcs7-signature$application/x-pkcs7-mime$application/x-pkcs7-signature$boundary$content-type$multipart/signed$type:
                                                                                                                                                                        • API String ID: 1244041713-3630080479
                                                                                                                                                                        • Opcode ID: 7ebc3a45523df780ecbf5d5eee50afa3b023d1eb5b1fbd1f84c6fabd0e5d4c90
                                                                                                                                                                        • Instruction ID: 92795076ebc92c998df18401312bc2ac7279468d999b5928ece62c481b84f63b
                                                                                                                                                                        • Opcode Fuzzy Hash: 7ebc3a45523df780ecbf5d5eee50afa3b023d1eb5b1fbd1f84c6fabd0e5d4c90
                                                                                                                                                                        • Instruction Fuzzy Hash: 2CC19F25B0878285FB18EB12A460EB973A1AF45784F8480B1ED6E0B7CDDF3DE54AD710
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: ..\s\crypto\rand\randfile.c$Filename=$i
                                                                                                                                                                        • API String ID: 0-1799673945
                                                                                                                                                                        • Opcode ID: d7f36f4794d6ba907c6c513c1f62da698ca1f3092e5ade115dbaf2aa9cf71f1b
                                                                                                                                                                        • Instruction ID: 25d60a87445adb2bd600ba68634300f3dfcec0fd9d3eccbc666b57c5c72771cd
                                                                                                                                                                        • Opcode Fuzzy Hash: d7f36f4794d6ba907c6c513c1f62da698ca1f3092e5ade115dbaf2aa9cf71f1b
                                                                                                                                                                        • Instruction Fuzzy Hash: F7519065B0CA4686F728DB55D8A0ABE33A1EF85B80F4401B6D92D077DDEF3CE9068700
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: strchr
                                                                                                                                                                        • String ID: ..\s\crypto\ocsp\ocsp_lib.c$/$/$443$[$http$https
                                                                                                                                                                        • API String ID: 2830005266-535551730
                                                                                                                                                                        • Opcode ID: a8318d1881b0d8cdf11a3fa592aafedcee6c195215a9fff3506a0abcbceb07e1
                                                                                                                                                                        • Instruction ID: c79b18e4dfdf6434037c82e09d942fd9cb13f35686deb917425aabd0428428d7
                                                                                                                                                                        • Opcode Fuzzy Hash: a8318d1881b0d8cdf11a3fa592aafedcee6c195215a9fff3506a0abcbceb07e1
                                                                                                                                                                        • Instruction Fuzzy Hash: C4618C29B0DB4284FB59DF15D820A793BA0EB45B84F4880B6DE6D073D9EE7DE649C700
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: atoi$strcmp
                                                                                                                                                                        • String ID: ..\s\crypto\ts\ts_conf.c$accuracy$microsecs$millisecs$p$secs
                                                                                                                                                                        • API String ID: 4175852868-1596076588
                                                                                                                                                                        • Opcode ID: ae98376ed62e7f2547e13ed3231a9dc688f41d63b3bfb75b3373190d81aa6424
                                                                                                                                                                        • Instruction ID: e171de2f5a58c5a1ca6f487b4fe1d41e1e165fb3e3902e9cf91dab0ed770295f
                                                                                                                                                                        • Opcode Fuzzy Hash: ae98376ed62e7f2547e13ed3231a9dc688f41d63b3bfb75b3373190d81aa6424
                                                                                                                                                                        • Instruction Fuzzy Hash: D851A426B1864796EB0C9B259820DB93790FF48B88F4044B5DD2E0B7DDEF3CE54A8640
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: InformationObjectUser$AddressErrorHandleLastModuleProcProcessStationWindowwcsstr
                                                                                                                                                                        • String ID: Service-0x$_OPENSSL_isservice
                                                                                                                                                                        • API String ID: 459917433-1672312481
                                                                                                                                                                        • Opcode ID: b0e2507b54a2fee0f286af568643ff84d15fb4472f624db1291a1182b8891a4e
                                                                                                                                                                        • Instruction ID: bfd4941fe77f37a81893b9b5ed7cf71b4a2cb1a91c46579455f386d0e8c097bb
                                                                                                                                                                        • Opcode Fuzzy Hash: b0e2507b54a2fee0f286af568643ff84d15fb4472f624db1291a1182b8891a4e
                                                                                                                                                                        • Instruction Fuzzy Hash: 09412F21B09B8296EB589F24D860BB82390FF447B4B884775E97D4B7E8EF3CE5548300
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAB3D000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: strncmp
                                                                                                                                                                        • String ID: %-8d$, path=$, retcode=$, value=$..\s\crypto\conf\conf_mod.c$OPENSSL_finish$OPENSSL_init$module=$path
                                                                                                                                                                        • API String ID: 1114863663-3652895664
                                                                                                                                                                        • Opcode ID: 328974a9d0dd05278137339c314be4e945527353f66c5ff622b00b876df73be2
                                                                                                                                                                        • Instruction ID: 3c0a42d445ed900297895ec9b096de2e83bab68b50a0323cbb34aa6e15f74a10
                                                                                                                                                                        • Opcode Fuzzy Hash: 328974a9d0dd05278137339c314be4e945527353f66c5ff622b00b876df73be2
                                                                                                                                                                        • Instruction Fuzzy Hash: 3BA18E61B0865281FB6C9B51A924AB97390EF49BC4F8441B5DD2D0FBEDEF3CE54A8700
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: strncmp
                                                                                                                                                                        • String ID: , value=$..\s\crypto\x509v3\v3_conf.c$/$ASN1:$DER:$critical,$name=
                                                                                                                                                                        • API String ID: 1114863663-1429737502
                                                                                                                                                                        • Opcode ID: fa9dcb5958271daa3e2a324d8ca326ef0272130a5644930e9fe95100a0dccc46
                                                                                                                                                                        • Instruction ID: bb424a7cf7ad29854122852c4ac13ee8c0d2763f4e7ba0ede5a821c69e4fb38d
                                                                                                                                                                        • Opcode Fuzzy Hash: fa9dcb5958271daa3e2a324d8ca326ef0272130a5644930e9fe95100a0dccc46
                                                                                                                                                                        • Instruction Fuzzy Hash: B041CF6AB08A8641EB189B22AD20A7EA6A0FF45BD4F0841B5DD7D077DDEF3CE5058700
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLastsetsockopt
                                                                                                                                                                        • String ID: ..\s\crypto\bio\b_sock2.c$o
                                                                                                                                                                        • API String ID: 1729277954-1872632005
                                                                                                                                                                        • Opcode ID: 34993e59505dbed600dca64135d27a9ba0d4750b564e5c6ba914b5e12530ade6
                                                                                                                                                                        • Instruction ID: 22b7282432b64bb15e9281bed06645d8049df6e71bfa3857e095ba07fb0dc8cd
                                                                                                                                                                        • Opcode Fuzzy Hash: 34993e59505dbed600dca64135d27a9ba0d4750b564e5c6ba914b5e12530ade6
                                                                                                                                                                        • Instruction Fuzzy Hash: 0051A031B1854286E7289F21E824ABD77B0FB80784F4441B9E6690BBDDDF3DE50ACB40
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: HandleModule$AddressProc
                                                                                                                                                                        • String ID: OPENSSL_Applink$OPENSSL_Uplink(%p,%02X): $_ssl.pyd$_ssl_d.pyd
                                                                                                                                                                        • API String ID: 1883125708-1130596517
                                                                                                                                                                        • Opcode ID: c4aead17072fba216eea99f021f7cf45f47fd7f2a5a9cbf259b3f8ced4e703a5
                                                                                                                                                                        • Instruction ID: 34fd05c4b4aeecdb65730d297f5d9f5cff468de14e14c05a8065b960a3090831
                                                                                                                                                                        • Opcode Fuzzy Hash: c4aead17072fba216eea99f021f7cf45f47fd7f2a5a9cbf259b3f8ced4e703a5
                                                                                                                                                                        • Instruction Fuzzy Hash: B4515829E08B4281E7198F24ED6097823A0FF58768B4557B5E97C132EAFF7CA6D08700
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: strcmpstrncmpstrtoul
                                                                                                                                                                        • String ID: MASK:$default$nombstr$pkix$utf8only
                                                                                                                                                                        • API String ID: 1175158921-3483942737
                                                                                                                                                                        • Opcode ID: a21ae9ee1a6a80a1cd62bd08bae20b9b71c674710c0f9c2fb243c96c79f53681
                                                                                                                                                                        • Instruction ID: c263e1bef7f0c53cc608dfb37f19cb275b76df2dd90548a4061e6d287de321d2
                                                                                                                                                                        • Opcode Fuzzy Hash: a21ae9ee1a6a80a1cd62bd08bae20b9b71c674710c0f9c2fb243c96c79f53681
                                                                                                                                                                        • Instruction Fuzzy Hash: FF314C26B1858392EB594F2CE460BB83760EB44750F8442B2EB7D476D9EF1CE994C700
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: Fiber$Switch$CreateDeletememmove
                                                                                                                                                                        • String ID: *$..\s\crypto\async\async.c
                                                                                                                                                                        • API String ID: 81049052-1471988776
                                                                                                                                                                        • Opcode ID: 40f06b43fbc30a05a482f3e3b11576d9dfc5ae25777a8524cf6d1b26ae7016b1
                                                                                                                                                                        • Instruction ID: 0d173ac1f9def965edbf3c24c369a31a0c08a308d0c4e8c3d98481d560400b26
                                                                                                                                                                        • Opcode Fuzzy Hash: 40f06b43fbc30a05a482f3e3b11576d9dfc5ae25777a8524cf6d1b26ae7016b1
                                                                                                                                                                        • Instruction Fuzzy Hash: FCA17F36B09A4281EB28DF15E860ABC73A0EF44B84F4440B5DAAD477D9EF3CE55AC700
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAB3D000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: memsetstrncpy
                                                                                                                                                                        • String ID: , failure codes: $, status text: $..\s\crypto\ts\ts_rsp_verify.c$status code: $unknown code$unspecified
                                                                                                                                                                        • API String ID: 388311670-2553778726
                                                                                                                                                                        • Opcode ID: 06e949da8f358eb90edf0a53e514aba080c43a51bb511aabf86b07503dcb7183
                                                                                                                                                                        • Instruction ID: 1a82943617253c4801a728737bccf298ead1e10922e8d676f5a455a0094281ca
                                                                                                                                                                        • Opcode Fuzzy Hash: 06e949da8f358eb90edf0a53e514aba080c43a51bb511aabf86b07503dcb7183
                                                                                                                                                                        • Instruction Fuzzy Hash: 8681C325B0DA9286EB18DB11A970BBD73A0FF85B80F444075DA6D4B7D9EF3CE44A9700
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: strchr$memmove
                                                                                                                                                                        • String ID: characters$ to $..\s\crypto\ui\ui_lib.c$You must type in
                                                                                                                                                                        • API String ID: 1080442166-3422546668
                                                                                                                                                                        • Opcode ID: 058cebb37ec07b436eb0b80b8ced75f7358d0c981b7b5530fb3ba3095bcba817
                                                                                                                                                                        • Instruction ID: 4081810b37b59ca3cef35d691ca2b8575184505b8c1a981488c6bf07b8299a83
                                                                                                                                                                        • Opcode Fuzzy Hash: 058cebb37ec07b436eb0b80b8ced75f7358d0c981b7b5530fb3ba3095bcba817
                                                                                                                                                                        • Instruction Fuzzy Hash: FC519F66B0868286EB298F24C470A7C37A0FB45B88F4441B6DAAD0B7DDDF3DE945C740
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _stricmpstrchrstrncmp
                                                                                                                                                                        • String ID: ..\s\crypto\store\store_lib.c$T$file
                                                                                                                                                                        • API String ID: 3017659097-909561481
                                                                                                                                                                        • Opcode ID: 3564a23d9009054fde0f4ae5454aa868b952d91882c1740c2338a73e89e2a2eb
                                                                                                                                                                        • Instruction ID: c98cf85b8a83f09ecb5fe67d60068b04cf21952ec7c12370d29b7e5dd0e2bf63
                                                                                                                                                                        • Opcode Fuzzy Hash: 3564a23d9009054fde0f4ae5454aa868b952d91882c1740c2338a73e89e2a2eb
                                                                                                                                                                        • Instruction Fuzzy Hash: D341BF32709A4296EB199B11E8609BD77A4FF88B88F404075DE5D0B79DEF3CE90AC700
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: EnvironmentVariable
                                                                                                                                                                        • String ID: OPENSSL_ia32cap$~$~$~$~
                                                                                                                                                                        • API String ID: 1431749950-1981414212
                                                                                                                                                                        • Opcode ID: f54770ac84b8c5300f15358e4cffcff24408fff1c96f1f72ed2546603f76ac2f
                                                                                                                                                                        • Instruction ID: 18902eae24d892e447351231df03017c5e599a644ae59a1950832c3d4714612b
                                                                                                                                                                        • Opcode Fuzzy Hash: f54770ac84b8c5300f15358e4cffcff24408fff1c96f1f72ed2546603f76ac2f
                                                                                                                                                                        • Instruction Fuzzy Hash: B3414925F0865786E7189B01A860AB823E4EB44B80FC442B5EA6D4B6DCEF3CE8858740
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _chmod_stat64i32fclosefwrite
                                                                                                                                                                        • String ID: ..\s\crypto\rand\randfile.c$Filename=
                                                                                                                                                                        • API String ID: 4260490851-2201148535
                                                                                                                                                                        • Opcode ID: a95ded9534ea7df868ca19642a373200ab91fdf834699646da2acd60deafdf5a
                                                                                                                                                                        • Instruction ID: a0f7ac7a4c6f9563ee0d4af04a9580aea68f4920a3e721728b790822d72d6f34
                                                                                                                                                                        • Opcode Fuzzy Hash: a95ded9534ea7df868ca19642a373200ab91fdf834699646da2acd60deafdf5a
                                                                                                                                                                        • Instruction Fuzzy Hash: 27315E65B0868696EB18DB65E860AB97391FF45B84F4040B6EA2D077D9EF3CE509CB00
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: strncmp
                                                                                                                                                                        • String ID: ASN1:$DER:$critical,
                                                                                                                                                                        • API String ID: 1114863663-369496153
                                                                                                                                                                        • Opcode ID: ddb8bcea3cefd020a4e8a34bae29a66c7c6434e734eea52e0975a0b147bfa819
                                                                                                                                                                        • Instruction ID: 841dc2f2e85f4b0c4822735139f3b88449037e3ae585878da84d13323530ab23
                                                                                                                                                                        • Opcode Fuzzy Hash: ddb8bcea3cefd020a4e8a34bae29a66c7c6434e734eea52e0975a0b147bfa819
                                                                                                                                                                        • Instruction Fuzzy Hash: 6841BE26B0869651EB189B22AD60B7AB690EF04BD4F0840B5DD7E5B7DDEE3CE4058740
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: strncmp
                                                                                                                                                                        • String ID: ASN1:$DER:$critical,
                                                                                                                                                                        • API String ID: 1114863663-369496153
                                                                                                                                                                        • Opcode ID: 9dcb5025aebed33bc3ac4bc51b42553d44f8733820fabb1b2b7665fe447d2112
                                                                                                                                                                        • Instruction ID: e41aec5ff84c7daa60798e0e5aaf683fd83f3ab0e7e89384395fd66621eff1eb
                                                                                                                                                                        • Opcode Fuzzy Hash: 9dcb5025aebed33bc3ac4bc51b42553d44f8733820fabb1b2b7665fe447d2112
                                                                                                                                                                        • Instruction Fuzzy Hash: 5341E226B18A8241EB189F26AC60B7DA690FB44BD4F4441B0DD7E077DDEF3CE4068740
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAB3D000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: getnameinfohtonsmemset
                                                                                                                                                                        • String ID: $..\s\crypto\bio\b_addr.c
                                                                                                                                                                        • API String ID: 165288700-1606403076
                                                                                                                                                                        • Opcode ID: d2f848d746c8b10697f0348c3f562ec89d997c7dadc394e330dc32da209875ca
                                                                                                                                                                        • Instruction ID: 43d9a8e9d82601826fd2c0054b40c6c99f6035af16c486aec6dc994343015ffb
                                                                                                                                                                        • Opcode Fuzzy Hash: d2f848d746c8b10697f0348c3f562ec89d997c7dadc394e330dc32da209875ca
                                                                                                                                                                        • Instruction Fuzzy Hash: 1051A631B1868286FB289B11D430AB973B0EF40744F8440B6EBAD47ADDEF3DE9859750
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: memmovestrncpy
                                                                                                                                                                        • String ID: ..\s\crypto\x509\x509_obj.c$0123456789ABCDEF$NO X509_NAME
                                                                                                                                                                        • API String ID: 3054264757-3422593365
                                                                                                                                                                        • Opcode ID: 9b9efaebcae82d5b25afce34890e7de1e927facac3b25ebeea1ebe1cac246e78
                                                                                                                                                                        • Instruction ID: 8ea7bf784751d4cc4d6c827e194a0caee8940e06da7733b3c98cb033ca36025e
                                                                                                                                                                        • Opcode Fuzzy Hash: 9b9efaebcae82d5b25afce34890e7de1e927facac3b25ebeea1ebe1cac246e78
                                                                                                                                                                        • Instruction Fuzzy Hash: 75B1E42AB08682C6EB188B16D460B7EB790EF44BD8F184176DA6E477CDDF7DE4158B00
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: $$..\s\crypto\rsa\rsa_sign.c
                                                                                                                                                                        • API String ID: 0-1864662394
                                                                                                                                                                        • Opcode ID: c751d3307513e39319ecf114557034e610dfcf687af4d694799f3e9cfe2fe3f8
                                                                                                                                                                        • Instruction ID: 91c1f851051c3a62b88f71f5537d493b7c839946ee8b66cbbed9ae9b85313923
                                                                                                                                                                        • Opcode Fuzzy Hash: c751d3307513e39319ecf114557034e610dfcf687af4d694799f3e9cfe2fe3f8
                                                                                                                                                                        • Instruction Fuzzy Hash: 38918C65B0C68286E7389B11E5A0BBD66A0FB44784F408075EEAD0BBCDDF7CE546C750
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: memmove
                                                                                                                                                                        • String ID: ..\s\crypto\pem\pem_lib.c$;$Enter PEM pass phrase:
                                                                                                                                                                        • API String ID: 2162964266-3733131234
                                                                                                                                                                        • Opcode ID: bdc686fb8aba523b28e55b03942bb12ed9c37acd52b0f3eb95ac45e93db571c2
                                                                                                                                                                        • Instruction ID: dc90afe5777e1e76da580ded8e7a8ddb58281a217c5df41119356f5711b7d115
                                                                                                                                                                        • Opcode Fuzzy Hash: bdc686fb8aba523b28e55b03942bb12ed9c37acd52b0f3eb95ac45e93db571c2
                                                                                                                                                                        • Instruction Fuzzy Hash: E7718266B187828AE724DB21E860BAE73A1FB84794F400175EA6D47BCDDF3DD505CB04
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: ..\s\crypto\async\async.c$T
                                                                                                                                                                        • API String ID: 0-2182492907
                                                                                                                                                                        • Opcode ID: a21e16a31418f07282d25edeaa0778b21aaeaf0b2f8f3a223d1cb19ff97c027d
                                                                                                                                                                        • Instruction ID: 36ec5df6ad33f9407c717da51db6404492819e0a43d5eb3df6eabc087a684eca
                                                                                                                                                                        • Opcode Fuzzy Hash: a21e16a31418f07282d25edeaa0778b21aaeaf0b2f8f3a223d1cb19ff97c027d
                                                                                                                                                                        • Instruction Fuzzy Hash: 82516E35B0964286EB68DB11D820AB977A1EF44784F8050B5DA6D4BBDDDF3DE50ACB00
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: BIO[%p]: $bio callback - unknown type (%d)
                                                                                                                                                                        • API String ID: 0-3830480438
                                                                                                                                                                        • Opcode ID: 699163805d29df9977be80dd9ffb715912bd989fc9fb7757e887052be467a951
                                                                                                                                                                        • Instruction ID: 66cf8aac8fdac916c92f37df4330d31ff8a4f7f780adc830cd73acb92180dff3
                                                                                                                                                                        • Opcode Fuzzy Hash: 699163805d29df9977be80dd9ffb715912bd989fc9fb7757e887052be467a951
                                                                                                                                                                        • Instruction Fuzzy Hash: AC312662B0968196EB158B55AC64FFA77A0BF89784F4040B2EE1E877D9DE3CE4468300
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: ..\s\crypto\bio\b_sock.c$J$host=
                                                                                                                                                                        • API String ID: 0-1729655730
                                                                                                                                                                        • Opcode ID: 01b0efafc7697a4f7d6a1a530da6b0f90e7318cc905d80235fe94a0ed0c4634c
                                                                                                                                                                        • Instruction ID: c53803436004debe2999e0dd57c379409c074e61eb10c69cf1d8cd82911949b9
                                                                                                                                                                        • Opcode Fuzzy Hash: 01b0efafc7697a4f7d6a1a530da6b0f90e7318cc905d80235fe94a0ed0c4634c
                                                                                                                                                                        • Instruction Fuzzy Hash: 7831A336B0868282EB18DB55F46096EB3A0FB85784F4400B5EB6D47BDEDF3DE5498B00
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLastsocket
                                                                                                                                                                        • String ID: ..\s\crypto\bio\b_sock2.c$2
                                                                                                                                                                        • API String ID: 1120909799-2051290508
                                                                                                                                                                        • Opcode ID: 7734bc7eb848a8c2f13e03d8370f2b6d25dc2938cf9324aa6d1bac55b8e4a966
                                                                                                                                                                        • Instruction ID: 1e8d8c4829f9d9614d721268e342edc492de806277adaeb60cb8bbae18a4b84b
                                                                                                                                                                        • Opcode Fuzzy Hash: 7734bc7eb848a8c2f13e03d8370f2b6d25dc2938cf9324aa6d1bac55b8e4a966
                                                                                                                                                                        • Instruction Fuzzy Hash: 8801C031B1858283E7159B21E8109ADB2A0FB40794F5042B9F67C47BD9CF3DD9068B40
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAB3D000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        • Associated: 00000001.00000002.1918310238.00007FFDFADE3000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                        • Associated: 00000001.00000002.1918310238.00007FFDFADE7000.00000002.00000001.01000000.0000000E.sdmpDownload File
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: memcmp
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 1475443563-0
                                                                                                                                                                        • Opcode ID: 06533f56ebbf768209d34c10d8a7c5afb5f4e7864eca73073be81a017dffc2ce
                                                                                                                                                                        • Instruction ID: d2e1367ffbb55654f8d9d8b1c6c53fe37d1a0a868fb072b29d14afb510205af2
                                                                                                                                                                        • Opcode Fuzzy Hash: 06533f56ebbf768209d34c10d8a7c5afb5f4e7864eca73073be81a017dffc2ce
                                                                                                                                                                        • Instruction Fuzzy Hash: FE91B969B1869785FB189B66D970EBD63A1BF807C4F415071DE1E5BACDEE38E805C300
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: memset
                                                                                                                                                                        • String ID: ..\s\crypto\sm2\sm2_crypt.c$@
                                                                                                                                                                        • API String ID: 2221118986-485510600
                                                                                                                                                                        • Opcode ID: e9862524d1ff96f566527fb32dfb355c57ce2c3c52bc228e4c09870db02e8ce1
                                                                                                                                                                        • Instruction ID: 90b04f789999af4bd9108e06c47700f8251f1473e13ebdaafc70f34315327da8
                                                                                                                                                                        • Opcode Fuzzy Hash: e9862524d1ff96f566527fb32dfb355c57ce2c3c52bc228e4c09870db02e8ce1
                                                                                                                                                                        • Instruction Fuzzy Hash: 2D026376708A82C2EB18DB16E4509AE77A1FB85B84F408175DE9D0BBD9EF3DE505CB00
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: )$..\s\crypto\evp\p5_crpt.c
                                                                                                                                                                        • API String ID: 0-3563398421
                                                                                                                                                                        • Opcode ID: a0ff16798964d517f23f621a694b9ffa1db1e9190bfdfc635015992b37e2d6c0
                                                                                                                                                                        • Instruction ID: 7ec9d1193db9677e804893c98e276c488ae67167f3a9aee9f58e07ae8c6da1d3
                                                                                                                                                                        • Opcode Fuzzy Hash: a0ff16798964d517f23f621a694b9ffa1db1e9190bfdfc635015992b37e2d6c0
                                                                                                                                                                        • Instruction Fuzzy Hash: 2791B56AB1C68396EB68DB219460ABE73D0EF85784F444071EE6D4BACDDF3CE5468700
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: memmove
                                                                                                                                                                        • String ID: ..\s\crypto\ct\ct_oct.c
                                                                                                                                                                        • API String ID: 2162964266-1972679481
                                                                                                                                                                        • Opcode ID: b885fa47e468da9b16c87dde5e70d81386f37443fae1ec03b6a383eb205fe392
                                                                                                                                                                        • Instruction ID: ff4242bc8403d248b800fd2184bbed1516dd5191ec5591dd99895cfeaace1b8f
                                                                                                                                                                        • Opcode Fuzzy Hash: b885fa47e468da9b16c87dde5e70d81386f37443fae1ec03b6a383eb205fe392
                                                                                                                                                                        • Instruction Fuzzy Hash: 3F71936270D69189E719CF3680205BC3BB0EB15B48F4441B6DEAD0B7CEEE2DE65AC710
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAB3D000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: strncmp
                                                                                                                                                                        • String ID: content-type
                                                                                                                                                                        • API String ID: 1114863663-3266185539
                                                                                                                                                                        • Opcode ID: 9993c0ef518779a903614a9766ef975673d6a6566461ebac18f00c730ac575ac
                                                                                                                                                                        • Instruction ID: 5b9744d901306c2ad8852247506ca44c2f88b686ca2534926ddf3f5e090c4aa8
                                                                                                                                                                        • Opcode Fuzzy Hash: 9993c0ef518779a903614a9766ef975673d6a6566461ebac18f00c730ac575ac
                                                                                                                                                                        • Instruction Fuzzy Hash: 38511712B2CA8345FB6897269470B7A7290BF54B94F8452B0DE7D877CDEF2DD5068700
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: strcmp
                                                                                                                                                                        • String ID: ..\s\crypto\pem\pem_pkey.c$DH PARAMETERS$X9.42 DH PARAMETERS
                                                                                                                                                                        • API String ID: 1004003707-3633731555
                                                                                                                                                                        • Opcode ID: 030a65f3e35046576361d430bfd6d990099fe8f2133a894fb164c9d84277bcde
                                                                                                                                                                        • Instruction ID: cdf791848775ef6585b558d02ab27f61342117835996fb6751099753be3aea48
                                                                                                                                                                        • Opcode Fuzzy Hash: 030a65f3e35046576361d430bfd6d990099fe8f2133a894fb164c9d84277bcde
                                                                                                                                                                        • Instruction Fuzzy Hash: C521D125B08A82C5EB18DB10E4609AEB7A0EF84794F444171EAAC47BDDEF7CE149CB00
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: memmovememset
                                                                                                                                                                        • String ID: $$..\s\crypto\rsa\rsa_none.c
                                                                                                                                                                        • API String ID: 1288253900-779172340
                                                                                                                                                                        • Opcode ID: 38a7f707f1668c1bc20995bd0a57dced195f40200d2c2c45eace83041bad23b2
                                                                                                                                                                        • Instruction ID: 3f9d382962fa458da6d2c39fda2366917f58ff8b5f885d2e35f7f27b455a40ba
                                                                                                                                                                        • Opcode Fuzzy Hash: 38a7f707f1668c1bc20995bd0a57dced195f40200d2c2c45eace83041bad23b2
                                                                                                                                                                        • Instruction Fuzzy Hash: 9501D425B1824286E714DF26A99486DBB61EF84BD0F148170FBAC47BDEDF3CE6418740
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1918587756.00007FFDFADF1000.00000020.00000001.01000000.00000007.sdmp, Offset: 00007FFDFADF0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfadf0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2933794660-0
                                                                                                                                                                        • Opcode ID: b9609afeda63a5527f2aa64bd41ebe1908b862c42ea318077f1b7df8a9acb3c6
                                                                                                                                                                        • Instruction ID: d1ee62d5461c723461d8527aca26b42485628df7058e9bc07fd17018112ad94c
                                                                                                                                                                        • Opcode Fuzzy Hash: b9609afeda63a5527f2aa64bd41ebe1908b862c42ea318077f1b7df8a9acb3c6
                                                                                                                                                                        • Instruction Fuzzy Hash: BC117326B15F028AEB04CF60E8546B833A4F718B58F040E35DA6D867B8DF38D1958340
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1914726553.00007FF6B17A1000.00000020.00000001.01000000.00000004.sdmp, Offset: 00007FF6B17A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ff6b17a0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2933794660-0
                                                                                                                                                                        • Opcode ID: 8e9a0748eda3973a8fa9fcf67cd80dbee6d41e33a1df220591ca4557fc286ce7
                                                                                                                                                                        • Instruction ID: 646322bbaa30a5b9aab655088cc148433d14f107dc0425abe3e68479502ff1a9
                                                                                                                                                                        • Opcode Fuzzy Hash: 8e9a0748eda3973a8fa9fcf67cd80dbee6d41e33a1df220591ca4557fc286ce7
                                                                                                                                                                        • Instruction Fuzzy Hash: 18110626B15F06DAEB008B64E8952B833A4FB59768F440F31DB6D867A8DF78D1958240
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID: ..\s\crypto\engine\eng_ctrl.c$b
                                                                                                                                                                        • API String ID: 0-1836817417
                                                                                                                                                                        • Opcode ID: 637200c1ffe7b35fb40bf7025227ca8bb63ae6a0959190e154cfb847138dec9e
                                                                                                                                                                        • Instruction ID: 28e6e3491d65d40e4d9fca710e85da699e110ae56b942545be1a352f3f896c0d
                                                                                                                                                                        • Opcode Fuzzy Hash: 637200c1ffe7b35fb40bf7025227ca8bb63ae6a0959190e154cfb847138dec9e
                                                                                                                                                                        • Instruction Fuzzy Hash: 89E1C025B0825282F7688B12D460F7EB6B1FF80B44F588179DAAD87AC9DF3CE945D700
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _time64
                                                                                                                                                                        • String ID: %02d%02d%02d%02d%02d%02dZ$%04d%02d%02d%02d%02d%02dZ
                                                                                                                                                                        • API String ID: 1670930206-2648760357
                                                                                                                                                                        • Opcode ID: 35c0674a6fc9a5195c317095fe527ac94bcdae6bb520b7aade9e85fd0519ba43
                                                                                                                                                                        • Instruction ID: 9f8d2780413f026248e711b994de0b88bd66084d549a908ae6da4365a20debe4
                                                                                                                                                                        • Opcode Fuzzy Hash: 35c0674a6fc9a5195c317095fe527ac94bcdae6bb520b7aade9e85fd0519ba43
                                                                                                                                                                        • Instruction Fuzzy Hash: 1C516332B1C7828AE764DF15E45066AB7E0FB88780F544135EA9D87B9DEF3CE5458B00
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: getaddrinfo
                                                                                                                                                                        • String ID: ..\s\crypto\bio\b_addr.c
                                                                                                                                                                        • API String ID: 300660673-2547254400
                                                                                                                                                                        • Opcode ID: cee4118a91f4e298bb24630199019e17d2161ccb3740edd78188986782efcc03
                                                                                                                                                                        • Instruction ID: ad47015033e7e62ab4a6784bc9021f1ccaa19d4f331df66d91a4e19e9eee6b37
                                                                                                                                                                        • Opcode Fuzzy Hash: cee4118a91f4e298bb24630199019e17d2161ccb3740edd78188986782efcc03
                                                                                                                                                                        • Instruction Fuzzy Hash: 3041C672B18682C7E7588F12A861ABDB790FB84740F4041B5FA9947BC9DF3CD8458F40
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLastgetsockname
                                                                                                                                                                        • String ID: ..\s\crypto\bio\b_sock.c
                                                                                                                                                                        • API String ID: 566540725-540685895
                                                                                                                                                                        • Opcode ID: 3f7e4d637075843b50ffdfd6546d49ef448eefcf8eb4d6d42073b27a69ad320d
                                                                                                                                                                        • Instruction ID: ffcf475224d27873933fa6966ef8ce5e25bb11473ed7ca9f20c9956c69dc8dd3
                                                                                                                                                                        • Opcode Fuzzy Hash: 3f7e4d637075843b50ffdfd6546d49ef448eefcf8eb4d6d42073b27a69ad320d
                                                                                                                                                                        • Instruction Fuzzy Hash: 0E218371B1454687E718DB21D824AED77A0FF80714F8041B5E66C076D8DF3DE58ADB40
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID:
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID:
                                                                                                                                                                        • Opcode ID: 2ab70523127c85397b16234b165925c659837f5bfa7a0202ee04cf5bea613ef6
                                                                                                                                                                        • Instruction ID: f6629bdd462d364f7206cc70998fd22d0daa101752d6d30fd159df0ccc2ba001
                                                                                                                                                                        • Opcode Fuzzy Hash: 2ab70523127c85397b16234b165925c659837f5bfa7a0202ee04cf5bea613ef6
                                                                                                                                                                        • Instruction Fuzzy Hash: D2C1E7B6B0868086D724CF1AA454BAEB7A1FB89BC0F444136EE5D5BB9DDF7CD0058B40
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: _time64
                                                                                                                                                                        • String ID: !$..\s\crypto\ct\ct_policy.c
                                                                                                                                                                        • API String ID: 1670930206-3401457818
                                                                                                                                                                        • Opcode ID: f8ad8f7d64f1f5fb2bc396660ebdd1b69d3ea8b5320bd96bda6debcd379a685e
                                                                                                                                                                        • Instruction ID: cdbec91572c1734264bc1ac6337cc4a53f9e85d4ae372c288f335a00deb7160d
                                                                                                                                                                        • Opcode Fuzzy Hash: f8ad8f7d64f1f5fb2bc396660ebdd1b69d3ea8b5320bd96bda6debcd379a685e
                                                                                                                                                                        • Instruction Fuzzy Hash: 10F04931B1A606C6EB199B24E821BB933A0EF40704F840475DA2D073DAEF3CE65ADB40
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Strings
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: ErrorLastioctlsocket
                                                                                                                                                                        • String ID: ..\s\crypto\bio\b_sock.c
                                                                                                                                                                        • API String ID: 1021210092-540685895
                                                                                                                                                                        • Opcode ID: 4461a209f28e95a1d17e1fe27fd0101058cda89b9424f7b2e88bf19f5e6d7981
                                                                                                                                                                        • Instruction ID: c4e38a503aa2d7d14626f64adfba72ac05ed17df6db71a14596d0554d7abb3bf
                                                                                                                                                                        • Opcode Fuzzy Hash: 4461a209f28e95a1d17e1fe27fd0101058cda89b9424f7b2e88bf19f5e6d7981
                                                                                                                                                                        • Instruction Fuzzy Hash: AEE09A61B2960386F71A5B609864F7963A0EF04305F0001B8E92D877D8EF2DAA498A10
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        • memchr.VCRUNTIME140(00007FFDFACDB35B,00000000,?,00000000,00007FFDFACDA5F9), ref: 00007FFDFACDB52B
                                                                                                                                                                        • memchr.VCRUNTIME140(00007FFDFACDB35B,00000000,?,00000000,00007FFDFACDA5F9), ref: 00007FFDFACDB573
                                                                                                                                                                        • memchr.VCRUNTIME140(00007FFDFACDB35B,00000000,?,00000000,00007FFDFACDA5F9), ref: 00007FFDFACDB58D
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAB3D000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: memchr
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 3297308162-0
                                                                                                                                                                        • Opcode ID: 894b152478e49585909b4f884bd3c79ebd5a6dd4ef0c1a77e308b87e5181a23f
                                                                                                                                                                        • Instruction ID: ef87777c8aed0d57171a1aec92a8be776fbcd80da120d9085c19609f9106e07d
                                                                                                                                                                        • Opcode Fuzzy Hash: 894b152478e49585909b4f884bd3c79ebd5a6dd4ef0c1a77e308b87e5181a23f
                                                                                                                                                                        • Instruction Fuzzy Hash: 5591E969B0868181EB18DB17D4A093DA7E1FB89BC4F484075EF6D837D9CE2DE845C700
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000001.00000002.1916066516.00007FFDFAAA1000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FFDFAAA0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdfaaa0000_wwndjlajmlkzqaqa.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: memmove
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2162964266-0
                                                                                                                                                                        • Opcode ID: a23466d681eb0a4b59ef0f4ee0ccc74a58dbd7c3bc8a430191d22eb2a2f2a2f8
                                                                                                                                                                        • Instruction ID: 558244cab6160950f53f7ec2cd4c0d3e29701fb33812a324ba0e21bfc18af0b9
                                                                                                                                                                        • Opcode Fuzzy Hash: a23466d681eb0a4b59ef0f4ee0ccc74a58dbd7c3bc8a430191d22eb2a2f2a2f8
                                                                                                                                                                        • Instruction Fuzzy Hash: 2111E626B04642D2D754DB26E2901ED7360FF487D0F844572EBAD47BDAEF28E995C300
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%

                                                                                                                                                                        APIs
                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                        • Source File: 00000004.00000002.2069471890.00007FF72F1A1000.00000020.00000001.01000000.00000019.sdmp, Offset: 00007FF72F1A0000, based on PE: true
                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                        • Snapshot File: hcaresult_4_2_7ff72f1a0000_XxWACzmWyB.jbxd
                                                                                                                                                                        Similarity
                                                                                                                                                                        • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                        • String ID:
                                                                                                                                                                        • API String ID: 2933794660-0
                                                                                                                                                                        • Opcode ID: 015d8f8df3734927533f18fda09b55c5bd130b200fb83a53c341d3f3889cf401
                                                                                                                                                                        • Instruction ID: 94af931d7cba0dd6ee8e297406da40a3c1a11953e85933876abf7d7583f1a5ec
                                                                                                                                                                        • Opcode Fuzzy Hash: 015d8f8df3734927533f18fda09b55c5bd130b200fb83a53c341d3f3889cf401
                                                                                                                                                                        • Instruction Fuzzy Hash: 59115E26B14F4189EB00DF60FC452B873A4FB18B58F850E31DA6D867A4DF78D5A88751
                                                                                                                                                                        Uniqueness

                                                                                                                                                                        Uniqueness Score: -1.00%