Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe

Overview

General Information

Sample name:SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
Analysis ID:1445130
MD5:a3f767e76c8c6baa9a154d576c7ba49d
SHA1:c9a2479bd372fd3ae569b67fc132eac6d5ad9ef0
SHA256:eb9a9a49e21219cdc673eb0b3266c2f4c2a759df7c17f4c19ede70e1d5b01dc5
Tags:exe
Infos:

Detection

XenoRAT
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Scheduled temp file as task from temp location
Yara detected XenoRAT
.NET source code contains potential unpacker
AI detected suspicious sample
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
PE file has nameless sections
Uses schtasks.exe or at.exe to add and modify task schedules
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Schtasks From Env Var Folder
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • cleanup
No configs have been found
SourceRuleDescriptionAuthorStrings
00000003.00000002.1631548350.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_XenoRATYara detected XenoRATJoe Security
    00000004.00000002.1655942411.0000000002796000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_XenoRATYara detected XenoRATJoe Security
      00000004.00000002.1655942411.0000000002563000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_XenoRATYara detected XenoRATJoe Security
        00000011.00000002.2274209658.0000000002DF1000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_XenoRATYara detected XenoRATJoe Security
          00000000.00000002.1646627649.0000000002F91000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_XenoRATYara detected XenoRATJoe Security
            Click to see the 4 entries
            SourceRuleDescriptionAuthorStrings
            4.2.SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe.2565f28.0.unpackJoeSecurity_XenoRATYara detected XenoRATJoe Security
              3.2.SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe.400000.0.unpackJoeSecurity_XenoRATYara detected XenoRATJoe Security
                17.2.SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe.2dfde70.0.unpackJoeSecurity_XenoRATYara detected XenoRATJoe Security
                  0.2.SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe.2f9d600.1.unpackJoeSecurity_XenoRATYara detected XenoRATJoe Security
                    4.2.SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe.2565f28.0.raw.unpackJoeSecurity_XenoRATYara detected XenoRATJoe Security
                      Click to see the 2 entries

                      System Summary

                      barindex
                      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "schtasks.exe" /Create /TN "bns" /XML "C:\Users\user\AppData\Local\Temp\tmp6D0A.tmp" /F, CommandLine: "schtasks.exe" /Create /TN "bns" /XML "C:\Users\user\AppData\Local\Temp\tmp6D0A.tmp" /F, CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe, ParentImage: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe, ParentProcessId: 6388, ParentProcessName: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe, ProcessCommandLine: "schtasks.exe" /Create /TN "bns" /XML "C:\Users\user\AppData\Local\Temp\tmp6D0A.tmp" /F, ProcessId: 7756, ProcessName: schtasks.exe

                      Persistence and Installation Behavior

                      barindex
                      Source: Process startedAuthor: Joe Security: Data: Command: "schtasks.exe" /Create /TN "bns" /XML "C:\Users\user\AppData\Local\Temp\tmp6D0A.tmp" /F, CommandLine: "schtasks.exe" /Create /TN "bns" /XML "C:\Users\user\AppData\Local\Temp\tmp6D0A.tmp" /F, CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe, ParentImage: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe, ParentProcessId: 6388, ParentProcessName: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe, ProcessCommandLine: "schtasks.exe" /Create /TN "bns" /XML "C:\Users\user\AppData\Local\Temp\tmp6D0A.tmp" /F, ProcessId: 7756, ProcessName: schtasks.exe
                      No Snort rule has matched

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection

                      barindex
                      Source: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeAvira: detected
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeAvira: detection malicious, Label: HEUR/AGEN.1357819
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeReversingLabs: Detection: 65%
                      Source: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeReversingLabs: Detection: 51%
                      Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeJoe Sandbox ML: detected
                      Source: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeJoe Sandbox ML: detected
                      Source: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4x nop then jmp 00D417B0h1_2_00D40B60
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4x nop then jmp 013717B0h2_2_01370B60
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4x nop then jmp 010A17B0h3_2_010A0B60
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4x nop then jmp 029917B0h6_2_02990B60
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4x nop then jmp 028017B0h8_2_02800B60
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4x nop then jmp 030B17B0h18_2_030B0B60
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4x nop then jmp 011A17B0h19_2_011A0B60
                      Source: global trafficTCP traffic: 192.168.2.4:49738 -> 176.67.83.30:1283
                      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                      Source: global trafficDNS traffic detected: DNS query: dns.dobiamfollollc.online
                      Source: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe, 00000012.00000002.2266764355.0000000001659000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://go.micO

                      System Summary

                      barindex
                      Source: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeStatic PE information: section name: Jl'8*3
                      Source: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe.1.drStatic PE information: section name: Jl'8*3
                      Source: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeStatic PE information: section name:
                      Source: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe.1.drStatic PE information: section name:
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02F6D2B8 NtWriteVirtualMemory,0_2_02F6D2B8
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02F6D098 NtResumeThread,0_2_02F6D098
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02F6CEE0 NtReadVirtualMemory,0_2_02F6CEE0
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02F6D460 NtSetContextThread,0_2_02F6D460
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02F6D2B0 NtWriteVirtualMemory,0_2_02F6D2B0
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02F6D091 NtResumeThread,0_2_02F6D091
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02F6CEDC NtReadVirtualMemory,0_2_02F6CEDC
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02F6D459 NtSetContextThread,0_2_02F6D459
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_04DBD460 NtSetContextThread,4_2_04DBD460
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_04DBCEE0 NtReadVirtualMemory,4_2_04DBCEE0
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_04DBD098 NtResumeThread,4_2_04DBD098
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_04DBD2B8 NtWriteVirtualMemory,4_2_04DBD2B8
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_04DBD459 NtSetContextThread,4_2_04DBD459
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_04DBCEDC NtReadVirtualMemory,4_2_04DBCEDC
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_04DBD091 NtResumeThread,4_2_04DBD091
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_04DBD2B0 NtWriteVirtualMemory,4_2_04DBD2B0
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02DBEAD00_2_02DBEAD0
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02DBAEF80_2_02DBAEF8
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02DBC6500_2_02DBC650
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02DB6BA00_2_02DB6BA0
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02DB58B00_2_02DB58B0
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02DB08480_2_02DB0848
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02DB4DE00_2_02DB4DE0
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02DB61B80_2_02DB61B8
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02DBB1A00_2_02DBB1A0
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02DB3D270_2_02DB3D27
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02DBA2F80_2_02DBA2F8
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02DBFA480_2_02DBFA48
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02DB66380_2_02DB6638
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02DB66280_2_02DB6628
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02DB9FF00_2_02DB9FF0
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02DB6B900_2_02DB6B90
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02DB9B600_2_02DB9B60
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02DBA8D80_2_02DBA8D8
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02DB08380_2_02DB0838
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02DB4DD10_2_02DB4DD1
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02DB9D980_2_02DB9D98
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02DB61A80_2_02DB61A8
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02DB3DAD0_2_02DB3DAD
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02DB89780_2_02DB8978
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02DB95100_2_02DB9510
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02F6C2500_2_02F6C250
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02F6DA100_2_02F6DA10
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02F6B0F80_2_02F6B0F8
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02F618B00_2_02F618B0
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02F612D00_2_02F612D0
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02F67A880_2_02F67A88
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02F6C2450_2_02F6C245
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02F6DA0E0_2_02F6DA0E
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02F60B380_2_02F60B38
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02F60B280_2_02F60B28
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02F6B0E90_2_02F6B0E9
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02F618750_2_02F61875
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02F600400_2_02F60040
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02F610480_2_02F61048
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02F6102A0_2_02F6102A
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02F601770_2_02F60177
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02F60CE50_2_02F60CE5
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_0545C1680_2_0545C168
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_05459FA00_2_05459FA0
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_05454E300_2_05454E30
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_0545E4C00_2_0545E4C0
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_054507610_2_05450761
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_054507700_2_05450770
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_054510280_2_05451028
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_054510380_2_05451038
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_054593780_2_05459378
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_054512480_2_05451248
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_054512580_2_05451258
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_0545E2880_2_0545E288
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_0545EF600_2_0545EF60
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_05450E0A0_2_05450E0A
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_05450E180_2_05450E18
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_05454E200_2_05454E20
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_0545DBC00_2_0545DBC0
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_055A00400_2_055A0040
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_055A00060_2_055A0006
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 1_2_00D40B601_2_00D40B60
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 2_2_01370B602_2_01370B60
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 2_2_013720302_2_01372030
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 2_2_013748682_2_01374868
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 2_2_013736682_2_01373668
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 2_2_013736582_2_01373658
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 3_2_010A0B603_2_010A0B60
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_008558B04_2_008558B0
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_008508484_2_00850848
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_00853DAD4_2_00853DAD
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_008561B84_2_008561B8
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_00854DE04_2_00854DE0
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_0085EAD04_2_0085EAD0
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_0085AEF84_2_0085AEF8
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_0085B2204_2_0085B220
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_0085C6504_2_0085C650
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_00856BA04_2_00856BA0
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_0085A8D84_2_0085A8D8
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_008508384_2_00850838
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_00859D984_2_00859D98
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_008561A84_2_008561A8
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_00854DD14_2_00854DD1
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_008595104_2_00859510
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_008589784_2_00858978
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_0085A2F84_2_0085A2F8
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_008566284_2_00856628
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_008566384_2_00856638
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_0085FA484_2_0085FA48
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_00856B904_2_00856B90
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_00859FF04_2_00859FF0
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_00859B604_2_00859B60
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_0239C1684_2_0239C168
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_02394E304_2_02394E30
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_02399FA04_2_02399FA0
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_023912584_2_02391258
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_023912524_2_02391252
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_0239E2884_2_0239E288
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_023993784_2_02399378
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_023910384_2_02391038
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_023910284_2_02391028
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_023907704_2_02390770
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_023907614_2_02390761
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_0239E4C04_2_0239E4C0
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_0239DBC04_2_0239DBC0
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_02394E204_2_02394E20
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_02390E184_2_02390E18
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_02390E0A4_2_02390E0A
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_0239EF604_2_0239EF60
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_04DBB0F84_2_04DBB0F8
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_04DBC2504_2_04DBC250
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_04DBDA104_2_04DBDA10
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_04DB0CE54_2_04DB0CE5
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_04DB7F704_2_04DB7F70
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_04DB7F604_2_04DB7F60
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_04DBB0E94_2_04DBB0E9
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_04DB18B04_2_04DB18B0
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_04DB10484_2_04DB1048
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_04DB00404_2_04DB0040
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_04DB18754_2_04DB1875
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_04DB00074_2_04DB0007
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_04DB102A4_2_04DB102A
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_04DB01774_2_04DB0177
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_04DB12D04_2_04DB12D0
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_04DB12C14_2_04DB12C1
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_04DBC2454_2_04DBC245
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_04DB0B384_2_04DB0B38
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_04DB0B284_2_04DB0B28
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 6_2_02990B606_2_02990B60
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 8_2_02800B608_2_02800B60
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 17_2_0159594B17_2_0159594B
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 17_2_01594DE017_2_01594DE0
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 17_2_015961B817_2_015961B8
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 17_2_0159084817_2_01590848
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 17_2_01596BA017_2_01596BA0
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 17_2_0159C65017_2_0159C650
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 17_2_0159B22017_2_0159B220
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 17_2_0159EAD017_2_0159EAD0
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 17_2_0159AEF817_2_0159AEF8
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 17_2_01593AB817_2_01593AB8
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 17_2_0159897817_2_01598978
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 17_2_0159951017_2_01599510
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 17_2_01594DDB17_2_01594DDB
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 17_2_01599D9817_2_01599D98
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 17_2_015961A817_2_015961A8
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 17_2_0159083817_2_01590838
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 17_2_0159A8D817_2_0159A8D8
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 17_2_01599B6017_2_01599B60
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 17_2_01599FF017_2_01599FF0
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 17_2_01596B9B17_2_01596B9B
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 17_2_0159FA4817_2_0159FA48
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 17_2_0159663817_2_01596638
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 17_2_0159662817_2_01596628
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 17_2_0159A2F817_2_0159A2F8
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 17_2_04F7C16817_2_04F7C168
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 17_2_04F74E3017_2_04F74E30
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 17_2_04F79FA017_2_04F79FA0
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 17_2_04F7E4C017_2_04F7E4C0
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 17_2_04F7077017_2_04F70770
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 17_2_04F7076B17_2_04F7076B
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 17_2_04F7103317_2_04F71033
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 17_2_04F7103817_2_04F71038
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 17_2_04F7E28817_2_04F7E288
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 17_2_04F7125817_2_04F71258
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 17_2_04F7124B17_2_04F7124B
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 17_2_04F7937817_2_04F79378
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 17_2_04F74E2017_2_04F74E20
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 17_2_04F70E1817_2_04F70E18
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 17_2_04F70E0B17_2_04F70E0B
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 17_2_04F7EF6017_2_04F7EF60
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 17_2_04F7DBC017_2_04F7DBC0
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 18_2_030B0B6018_2_030B0B60
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 19_2_011A0B6019_2_011A0B60
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 80
                      Source: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe, 00000000.00000000.1623214485.0000000000C30000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameserver1.exe6 vs SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                      Source: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe, 00000000.00000002.1646627649.0000000002F91000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSolid_manager.exe< vs SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                      Source: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe, 00000000.00000002.1649905134.000000000E140000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameserver1.exe6 vs SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                      Source: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe, 00000001.00000002.1633892569.0000000000D58000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                      Source: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe, 00000003.00000002.1631548350.000000000040E000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSolid_manager.exe< vs SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                      Source: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe, 00000004.00000002.1655942411.0000000002796000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSolid_manager.exe< vs SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                      Source: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe, 00000004.00000002.1655942411.0000000002563000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSolid_manager.exe< vs SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                      Source: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe, 00000004.00000002.1654372753.000000000086E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                      Source: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe, 00000011.00000002.2274209658.0000000002DF1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSolid_manager.exe< vs SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                      Source: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe, 00000013.00000002.2267471877.00000000011B8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                      Source: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeBinary or memory string: OriginalFilenameserver1.exe6 vs SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                      Source: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe.1.drBinary or memory string: OriginalFilenameserver1.exe6 vs SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                      Source: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeStatic PE information: Section: Jl'8*3 ZLIB complexity 1.0003455931635388
                      Source: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe.1.drStatic PE information: Section: Jl'8*3 ZLIB complexity 1.0003455931635388
                      Source: 0.2.SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe.2f9d600.1.raw.unpack, Encryption.csCryptographic APIs: 'CreateDecryptor'
                      Source: 4.2.SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe.2565f28.0.raw.unpack, Encryption.csCryptographic APIs: 'CreateDecryptor'
                      Source: 17.2.SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe.2dfde70.0.raw.unpack, Encryption.csCryptographic APIs: 'CreateDecryptor'
                      Source: classification engineClassification label: mal100.troj.evad.winEXE@27/4@1/1
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe.logJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMutant created: NULL
                      Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess1228
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7764:120:WilError_03
                      Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7912
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMutant created: \Sessions\1\BaseNamedObjects\Solid_rat_nd8889g-admin
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeFile created: C:\Users\user\AppData\Local\Temp\tmp6D0A.tmpJump to behavior
                      Source: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeReversingLabs: Detection: 51%
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeFile read: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeJump to behavior
                      Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe"
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess created: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe "C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe"
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess created: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess created: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess created: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 80
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "schtasks.exe" /Create /TN "bns" /XML "C:\Users\user\AppData\Local\Temp\tmp6D0A.tmp" /F
                      Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 80
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess created: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe "C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe" Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "schtasks.exe" /Create /TN "bns" /XML "C:\Users\user\AppData\Local\Temp\tmp6D0A.tmp" /FJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess created: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess created: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess created: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: ntmarta.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: edputil.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: appresolver.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: bcp47langs.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: slc.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: sppc.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
                      Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                      Source: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                      Data Obfuscation

                      barindex
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeUnpacked PE file: 0.2.SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe.bf0000.0.unpack Jl'8*3:EW;.text:ER;.rsrc:R;Unknown_Section3:ER;.reloc:R; vs Unknown_Section0:EW;Unknown_Section1:ER;Unknown_Section2:R;Unknown_Section3:ER;Unknown_Section4:R;
                      Source: 0.2.SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe.2f9d600.1.raw.unpack, DllHandler.cs.Net Code: DllNodeHandler System.Reflection.Assembly.Load(byte[])
                      Source: 0.2.SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe.2f9d600.1.raw.unpack, DllHandler.cs.Net Code: DllNodeHandler
                      Source: 4.2.SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe.2565f28.0.raw.unpack, DllHandler.cs.Net Code: DllNodeHandler System.Reflection.Assembly.Load(byte[])
                      Source: 4.2.SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe.2565f28.0.raw.unpack, DllHandler.cs.Net Code: DllNodeHandler
                      Source: 17.2.SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe.2dfde70.0.raw.unpack, DllHandler.cs.Net Code: DllNodeHandler System.Reflection.Assembly.Load(byte[])
                      Source: 17.2.SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe.2dfde70.0.raw.unpack, DllHandler.cs.Net Code: DllNodeHandler
                      Source: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeStatic PE information: section name: Jl'8*3
                      Source: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeStatic PE information: section name:
                      Source: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe.1.drStatic PE information: section name: Jl'8*3
                      Source: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe.1.drStatic PE information: section name:
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_00C18E46 push edx; retf 0_2_00C18E47
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_00C143D0 push eax; retf 0_2_00C143DA
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_00C1419D push esi; iretd 0_2_00C1419E
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_00C15753 push edx; iretd 0_2_00C15754
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_00C15F70 push cs; ret 0_2_00C15F93
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_00C15978 push ebp; ret 0_2_00C15979
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_00C17B02 push ebx; retf 0_2_00C17B0C
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_02F6E5BA push esp; iretd 0_2_02F6E5BB
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 0_2_05457359 push ecx; retf 0_2_0545735C
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 1_2_00D40625 push esp; iretd 1_2_00D40627
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_02397359 push ecx; retf 4_2_0239735C
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_04DBE5BA push esp; iretd 4_2_04DBE5BB
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 4_2_04DBEFEC push eax; retf 4_2_04DBEFED
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 17_2_01594DD1 push es; ret 17_2_01594DD2
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 17_2_01595CE8 push cs; ret 17_2_01595CEA
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 17_2_01595FB0 push cs; ret 17_2_01595FBA
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeCode function: 17_2_04F77359 push ecx; retf 17_2_04F7735C
                      Source: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeStatic PE information: section name: Jl'8*3 entropy: 7.999279086590635
                      Source: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe.1.drStatic PE information: section name: Jl'8*3 entropy: 7.999279086590635
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeFile created: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeJump to dropped file

                      Boot Survival

                      barindex
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "schtasks.exe" /Create /TN "bns" /XML "C:\Users\user\AppData\Local\Temp\tmp6D0A.tmp" /F
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 2D50000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 2F90000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 2ED0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 5570000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 6570000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 66A0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 76A0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 7A30000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 8A30000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 9A30000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: ACB0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: BCB0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: C140000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: D140000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: EE20000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: FE20000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 10E20000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 11E20000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 12E20000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 13E20000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: D40000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 2980000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 4980000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 1330000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 2CB0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 14E0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 10A0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 2B90000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 29E0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 850000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 2550000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 2350000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 4BE0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 5BE0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 5D10000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 6D10000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 7160000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 8160000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 5D10000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 7160000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 8160000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 9160000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: A160000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: B160000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: B5F0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 59C0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 7160000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 8160000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 2950000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 2B50000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 4B50000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 2760000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 2850000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 2760000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 1590000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 2DF0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 4EF0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 5570000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 6570000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 66A0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 76A0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 7A30000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 8A30000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 66A0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 7A30000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 8A30000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 9B30000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: AB30000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: BB30000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: BFC0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 6350000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 7A30000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 8A30000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 30B0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 32A0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 30E0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 11A0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 2DC0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: 13F0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeWindow / User API: threadDelayed 2290Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeWindow / User API: threadDelayed 7560Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 5284Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 6480Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep count: 32 > 30Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -29514790517935264s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -61000s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -60849s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 5816Thread sleep count: 2290 > 30Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 5816Thread sleep count: 7560 > 30Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -60719s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -60593s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -60484s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -60375s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -60257s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -60084s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -59650s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -59544s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -59422s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -59310s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -59187s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -59077s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -58968s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -58859s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -58750s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -58640s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -58531s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -58421s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -58312s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -58203s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -58093s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -57984s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -57875s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -57765s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -57656s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -57546s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -57425s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -57309s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -57196s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -57078s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -56968s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -56859s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -56750s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -56640s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -56531s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -56422s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -56312s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -56203s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -56093s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -55984s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -55875s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -55765s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -55656s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -55546s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -55437s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -55328s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -55218s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -55109s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -54965s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 1704Thread sleep time: -54844s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 5780Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 3756Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 6016Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 7180Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 7836Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 7920Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe TID: 7940Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 61000Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 60849Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 60719Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 60593Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 60484Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 60375Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 60257Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 60084Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 59650Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 59544Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 59422Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 59310Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 59187Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 59077Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 58968Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 58859Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 58750Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 58640Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 58531Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 58421Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 58312Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 58203Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 58093Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 57984Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 57875Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 57765Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 57656Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 57546Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 57425Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 57309Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 57196Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 57078Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 56968Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 56859Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 56750Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 56640Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 56531Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 56422Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 56312Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 56203Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 56093Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 55984Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 55875Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 55765Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 55656Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 55546Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 55437Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 55328Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 55218Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 55109Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 54965Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 54844Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe, 00000002.00000002.2877590756.0000000000D23000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll<e
                      Source: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe, 00000001.00000002.1634037423.0000000000DBB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                      Source: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe, 00000001.00000002.1634037423.0000000000DBB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess queried: DebugPortJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess queried: DebugPort
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess queried: DebugPort
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory allocated: page read and write | page guardJump to behavior

                      HIPS / PFW / Operating System Protection Evasion

                      barindex
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory written: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe base: 400000 value starts with: 4D5AJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory written: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe base: 400000 value starts with: 4D5AJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory written: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe base: 400000 value starts with: 4D5AJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory written: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe base: 400000 value starts with: 4D5AJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeMemory written: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe base: 400000 value starts with: 4D5AJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess created: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe "C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe" Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "schtasks.exe" /Create /TN "bns" /XML "C:\Users\user\AppData\Local\Temp\tmp6D0A.tmp" /FJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess created: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess created: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess created: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeQueries volume information: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeQueries volume information: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeQueries volume information: C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                      Stealing of Sensitive Information

                      barindex
                      Source: Yara matchFile source: 4.2.SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe.2565f28.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.2.SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe.2dfde70.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe.2f9d600.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe.2565f28.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.2.SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe.2dfde70.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe.2f9d600.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000003.00000002.1631548350.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.1655942411.0000000002796000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.1655942411.0000000002563000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000011.00000002.2274209658.0000000002DF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1646627649.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe PID: 7108, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe PID: 6484, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe PID: 2764, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe PID: 7816, type: MEMORYSTR

                      Remote Access Functionality

                      barindex
                      Source: Yara matchFile source: 4.2.SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe.2565f28.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 3.2.SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.2.SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe.2dfde70.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe.2f9d600.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe.2565f28.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 17.2.SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe.2dfde70.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe.2f9d600.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000003.00000002.1631548350.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.1655942411.0000000002796000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.1655942411.0000000002563000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000011.00000002.2274209658.0000000002DF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1646627649.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe PID: 7108, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe PID: 6484, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe PID: 2764, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe PID: 7816, type: MEMORYSTR
                      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                      Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
                      Scheduled Task/Job
                      1
                      Scheduled Task/Job
                      111
                      Process Injection
                      1
                      Masquerading
                      OS Credential Dumping111
                      Security Software Discovery
                      Remote Services11
                      Archive Collected Data
                      1
                      Encrypted Channel
                      Exfiltration Over Other Network MediumAbuse Accessibility Features
                      CredentialsDomainsDefault AccountsScheduled Task/Job1
                      DLL Side-Loading
                      1
                      Scheduled Task/Job
                      1
                      Disable or Modify Tools
                      LSASS Memory41
                      Virtualization/Sandbox Evasion
                      Remote Desktop ProtocolData from Removable Media1
                      Non-Standard Port
                      Exfiltration Over BluetoothNetwork Denial of Service
                      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
                      DLL Side-Loading
                      41
                      Virtualization/Sandbox Evasion
                      Security Account Manager1
                      Application Window Discovery
                      SMB/Windows Admin SharesData from Network Shared Drive1
                      Non-Application Layer Protocol
                      Automated ExfiltrationData Encrypted for Impact
                      Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook111
                      Process Injection
                      NTDS1
                      File and Directory Discovery
                      Distributed Component Object ModelInput Capture1
                      Application Layer Protocol
                      Traffic DuplicationData Destruction
                      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                      Deobfuscate/Decode Files or Information
                      LSA Secrets12
                      System Information Discovery
                      SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts3
                      Obfuscated Files or Information
                      Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items22
                      Software Packing
                      DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                      Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                      DLL Side-Loading
                      Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet
                      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1445130 Sample: SecuriteInfo.com.Win32.Coin... Startdate: 21/05/2024 Architecture: WINDOWS Score: 100 50 dns.dobiamfollollc.online 2->50 54 Antivirus / Scanner detection for submitted sample 2->54 56 Sigma detected: Scheduled temp file as task from temp location 2->56 58 Multi AV Scanner detection for submitted file 2->58 60 6 other signatures 2->60 10 SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe 1 2->10         started        13 SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe 2->13         started        signatures3 process4 signatures5 62 Detected unpacking (changes PE section rights) 10->62 64 Uses schtasks.exe or at.exe to add and modify task schedules 10->64 66 Injects a PE file into a foreign processes 10->66 15 SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe 4 10->15         started        18 SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe 5 10->18         started        21 SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe 2 10->21         started        23 SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe 13->23         started        25 SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe 2 13->25         started        27 SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe 2 13->27         started        process6 dnsIp7 46 SecuriteInfo.com.W...gen.22200.11178.exe, PE32 15->46 dropped 29 SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe 15->29         started        52 dns.dobiamfollollc.online 176.67.83.30, 1283, 49738, 49739 HIGHWINDS2US United States 18->52 48 C:\Users\user\AppData\Local\...\tmp6D0A.tmp, ASCII 18->48 dropped 32 schtasks.exe 1 18->32         started        34 WerFault.exe 23->34         started        file8 process9 signatures10 68 Antivirus detection for dropped file 29->68 70 Multi AV Scanner detection for dropped file 29->70 72 Machine Learning detection for dropped file 29->72 74 Injects a PE file into a foreign processes 29->74 36 SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe 29->36         started        38 SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe 2 29->38         started        40 SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe 2 29->40         started        42 conhost.exe 32->42         started        process11 process12 44 WerFault.exe 2 36->44         started       

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                      windows-stand
                      SourceDetectionScannerLabelLink
                      SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe51%ReversingLabsWin32.Trojan.CoinminerX
                      SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe100%AviraHEUR/AGEN.1357819
                      SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe100%Joe Sandbox ML
                      SourceDetectionScannerLabelLink
                      C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe100%AviraHEUR/AGEN.1357819
                      C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe100%Joe Sandbox ML
                      C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe66%ReversingLabsWin32.Trojan.CoinminerX
                      No Antivirus matches
                      No Antivirus matches
                      SourceDetectionScannerLabelLink
                      http://go.micO0%Avira URL Cloudsafe
                      NameIPActiveMaliciousAntivirus DetectionReputation
                      dns.dobiamfollollc.online
                      176.67.83.30
                      truefalse
                        unknown
                        NameSourceMaliciousAntivirus DetectionReputation
                        http://go.micOSecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe, 00000012.00000002.2266764355.0000000001659000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        • No. of IPs < 25%
                        • 25% < No. of IPs < 50%
                        • 50% < No. of IPs < 75%
                        • 75% < No. of IPs
                        IPDomainCountryFlagASNASN NameMalicious
                        176.67.83.30
                        dns.dobiamfollollc.onlineUnited States
                        33438HIGHWINDS2USfalse
                        Joe Sandbox version:40.0.0 Tourmaline
                        Analysis ID:1445130
                        Start date and time:2024-05-21 16:37:08 +02:00
                        Joe Sandbox product:CloudBasic
                        Overall analysis duration:0h 6m 28s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Cookbook file name:default.jbs
                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                        Number of analysed new started processes analysed:24
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:0
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Sample name:SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                        Detection:MAL
                        Classification:mal100.troj.evad.winEXE@27/4@1/1
                        EGA Information:
                        • Successful, ratio: 30%
                        HCA Information:
                        • Successful, ratio: 84%
                        • Number of executed functions: 222
                        • Number of non-executed functions: 37
                        Cookbook Comments:
                        • Found application associated with file extension: .exe
                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                        • Execution Graph export aborted for target SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe, PID 6336 because it is empty
                        • Execution Graph export aborted for target SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe, PID 6364 because it is empty
                        • Execution Graph export aborted for target SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe, PID 6388 because it is empty
                        • Execution Graph export aborted for target SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe, PID 6484 because it is empty
                        • Execution Graph export aborted for target SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe, PID 6840 because it is empty
                        • Execution Graph export aborted for target SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe, PID 7876 because it is empty
                        • Execution Graph export aborted for target SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe, PID 7884 because it is empty
                        • Not all processes where analyzed, report is missing behavior information
                        • Report size exceeded maximum capacity and may have missing behavior information.
                        • Report size getting too big, too many NtOpenKeyEx calls found.
                        • Report size getting too big, too many NtQueryValueKey calls found.
                        • VT rate limit hit for: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                        TimeTypeDescription
                        10:37:54API Interceptor206366x Sleep call for process: SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe modified
                        15:38:57Task SchedulerRun new task: bns path: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                        No context
                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        dns.dobiamfollollc.onlineDekont - (Mayis).exeGet hashmaliciousXenoRATBrowse
                        • 91.92.243.131
                        Dekont-Mayis.exeGet hashmaliciousXenoRATBrowse
                        • 91.92.243.131
                        Dekont-Mayis.exeGet hashmaliciousXenoRATBrowse
                        • 91.92.243.131
                        Dekont-Mayis.exeGet hashmaliciousXenoRATBrowse
                        • 91.92.243.131
                        Dekont-Mayis.exeGet hashmaliciousXenoRATBrowse
                        • 91.92.243.131
                        Odeme -(Mayis).exeGet hashmaliciousXenoRATBrowse
                        • 91.92.243.131
                        Odeme -(Mayis).exeGet hashmaliciousXenoRATBrowse
                        • 91.92.243.131
                        Odeme -(Mayis).exeGet hashmaliciousXenoRATBrowse
                        • 91.92.243.131
                        Odeme -(Mayis).exeGet hashmaliciousXenoRATBrowse
                        • 91.92.243.131
                        Odeme -(Mayis).exeGet hashmaliciousXenoRATBrowse
                        • 91.92.243.131
                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                        HIGHWINDS2US0bNqwLK242.elfGet hashmaliciousMiraiBrowse
                        • 74.209.136.48
                        t7bAVQ2wpF.elfGet hashmaliciousUnknownBrowse
                        • 151.139.81.128
                        https://click.pstmrk.it/3s/t.co%2FRieqFTtqmt/gMTC/7_W0AQ/AQ/880c85de-cc11-4181-9f68-0f08d9f1e222/1/rCUNy3YffzGet hashmaliciousHTMLPhisherBrowse
                        • 2.58.15.240
                        https://click.pstmrk.it/3s/t.co%2FRieqFTtqmt/gMTC/7_W0AQ/AQ/880c85de-cc11-4181-9f68-0f08d9f1e222/1/rCUNy3YffzGet hashmaliciousHTMLPhisherBrowse
                        • 2.58.15.240
                        Ns1xkTsDQO.elfGet hashmaliciousMiraiBrowse
                        • 74.209.136.61
                        begi6epHVb.elfGet hashmaliciousMiraiBrowse
                        • 23.111.12.97
                        Udx2BpoMA3.elfGet hashmaliciousMiraiBrowse
                        • 74.209.136.74
                        NS5jNpjR8t.elfGet hashmaliciousMiraiBrowse
                        • 74.209.136.41
                        7oT3AVmeSf.elfGet hashmaliciousUnknownBrowse
                        • 209.197.10.6
                        WV2xV7QUXv.exeGet hashmaliciousUnknownBrowse
                        • 2.58.15.85
                        No context
                        No context
                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:dropped
                        Size (bytes):706
                        Entropy (8bit):5.349842958726647
                        Encrypted:false
                        SSDEEP:12:Q3La/hz92n4M0kvoDLI4MWuCqDLI4MWuPTAq1KDLI4M9XKbbDLI4MWuPJKAVKhav:MLU84jE4K5E4KH1qE4qXKDE4KhKiKhk
                        MD5:873FA73F7EAAC5A90DC38988855C5032
                        SHA1:694CDB950E35FE9EDBAE22377CBB1630F8F1DB84
                        SHA-256:501001FA544E6D1C28EE3BAAAB9CC953E4421AD91222FF68C44CB5BC015D6E02
                        SHA-512:3DE429FD9A218A6B491E0D9346A31E9B0418331649452B0AA161452DE6D2DA535AAA3E0FE18FE73B0A7AF77DE7C43DAD77E2C72ADFAC153A1E5EB279FAEB32B0
                        Malicious:false
                        Reputation:moderate, very likely benign file
                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..
                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                        File Type:ASCII text
                        Category:dropped
                        Size (bytes):1065
                        Entropy (8bit):3.9415522388372555
                        Encrypted:false
                        SSDEEP:12:FLJ+DW2SFFkFmMMLGId1L6AEJl7XpShhJKShe/Q0QK1++ahQdxv3n:FLJ+S3Mmd1L6ztMhEMOQ0Q+amxvn
                        MD5:3A1AB22E56BE0A4106221F1D2F4F7B90
                        SHA1:859F280A3D0546EDA83BD996649D6A3BDDF50637
                        SHA-256:DDB5C4C41BC1463FC9E0519659EB84B1D82FA92BDB5707F92519472E403A7CCC
                        SHA-512:C3C19056822ED00E2702F931C7E63C41C07CD79D1C8175955B675CBD67EE657A2F1568AB68D31260FCB35402A332AA5E7727F0F1EDFDE05CFC5010CF232893F3
                        Malicious:true
                        Reputation:low
                        Preview:. <Task xmlns='http://schemas.microsoft.com/windows/2004/02/mit/task'>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. </LogonTrigger>. </Triggers>. <Principals>. <Principal id='Author'>. <LogonType>InteractiveToken</LogonType>. <RunLevel>HighestAvailable</RunLevel>. </Principal>. </Principals>. <Settings>. <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>. </Settings>. <Actions>. <Exec>. <Command>C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe</Command>.
                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                        Category:dropped
                        Size (bytes):248320
                        Entropy (8bit):7.718380451484677
                        Encrypted:false
                        SSDEEP:6144:94OlpLX5KTcVgpod/a3gctM7lresEobLr49+I:igX5Pg2dC3ft+wsEobLr49j
                        MD5:A3F767E76C8C6BAA9A154D576C7BA49D
                        SHA1:C9A2479BD372FD3AE569B67FC132EAC6D5AD9EF0
                        SHA-256:EB9A9A49E21219CDC673EB0B3266C2F4C2A759DF7C17F4C19EDE70E1D5B01DC5
                        SHA-512:6E567B6DAB41A56EB777A06644E1F6BA0D80131EBCD03443E3B526EF5F7DFAAA3F41EE175A26E976D1B6DEEF4967D677EC71F87CC63A26559E39E1A6C46042AB
                        Malicious:true
                        Antivirus:
                        • Antivirus: Avira, Detection: 100%
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        • Antivirus: ReversingLabs, Detection: 66%
                        Reputation:low
                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....aKf............................. ... ... ....@.. .......................`............`.................................DA..W............................@....................................................... ............... ..H...........Jl.'8*.3|.... ......................@....text...X.... ...................... ..`.rsrc...............................@..@............. ...................... ..`.reloc.......@......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................
                        Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:modified
                        Size (bytes):26
                        Entropy (8bit):3.95006375643621
                        Encrypted:false
                        SSDEEP:3:ggPYV:rPYV
                        MD5:187F488E27DB4AF347237FE461A079AD
                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                        Malicious:false
                        Reputation:high, very likely benign file
                        Preview:[ZoneTransfer]....ZoneId=0
                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                        Entropy (8bit):7.718380451484677
                        TrID:
                        • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                        • Win32 Executable (generic) a (10002005/4) 49.96%
                        • Win16/32 Executable Delphi generic (2074/23) 0.01%
                        • Generic Win/DOS Executable (2004/3) 0.01%
                        • DOS Executable Generic (2002/1) 0.01%
                        File name:SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                        File size:248'320 bytes
                        MD5:a3f767e76c8c6baa9a154d576c7ba49d
                        SHA1:c9a2479bd372fd3ae569b67fc132eac6d5ad9ef0
                        SHA256:eb9a9a49e21219cdc673eb0b3266c2f4c2a759df7c17f4c19ede70e1d5b01dc5
                        SHA512:6e567b6dab41a56eb777a06644e1f6ba0d80131ebcd03443e3b526ef5f7dfaaa3f41ee175a26e976d1b6deef4967d677ec71f87cc63a26559e39e1a6c46042ab
                        SSDEEP:6144:94OlpLX5KTcVgpod/a3gctM7lresEobLr49+I:igX5Pg2dC3ft+wsEobLr49j
                        TLSH:AD346BDD726072DEC867C8729EA81D74FA61787B431F5243A42715ADAE4C89BCF180F2
                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....aKf............................. ... ... ....@.. .......................`............`................................
                        Icon Hash:90cececece8e8eb0
                        Entrypoint:0x44200a
                        Entrypoint Section:
                        Digitally signed:false
                        Imagebase:0x400000
                        Subsystem:windows gui
                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                        DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                        Time Stamp:0x664B619F [Mon May 20 14:43:43 2024 UTC]
                        TLS Callbacks:
                        CLR (.Net) Version:
                        OS Version Major:4
                        OS Version Minor:0
                        File Version Major:4
                        File Version Minor:0
                        Subsystem Version Major:4
                        Subsystem Version Minor:0
                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                        Instruction
                        jmp dword ptr [00442000h]
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        NameVirtual AddressVirtual Size Is in Section
                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                        IMAGE_DIRECTORY_ENTRY_IMPORT0x341440x57.text
                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x400000xd13.rsrc
                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                        IMAGE_DIRECTORY_ENTRY_BASERELOC0x440000xc.reloc
                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                        IMAGE_DIRECTORY_ENTRY_IAT0x420000x8
                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x320000x48.text
                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0
                        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                        Jl'8*30x20000x2e97c0x2ea00ad283d10ba2ee9e457237af82bfa25f2False1.0003455931635388data7.999279086590635IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                        .text0x320000xc8580xca00ad82d73a1d5a0749a92abb72a7901521False0.4183168316831683data5.122478822051792IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                        .rsrc0x400000xd130xe00a3907b94e8b3c9177779ece3916ecbb0False0.3685825892857143data4.727336372543403IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                        0x420000x100x200bcc7a700feb925491de9a8f6b7fbe49dFalse0.044921875data0.14263576814887827IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                        .reloc0x440000xc0x2001b7daa91007c3b092e7bc824ff1dd2a0False0.044921875data0.09800417566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                        NameRVASizeTypeLanguageCountryZLIB Complexity
                        RT_VERSION0x400a00x3a0data0.4202586206896552
                        RT_MANIFEST0x404400x8d3XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.3935369632580788
                        DLLImport
                        mscoree.dll_CorExeMain
                        TimestampSource PortDest PortSource IPDest IP
                        May 21, 2024 16:39:00.075273991 CEST497381283192.168.2.4176.67.83.30
                        May 21, 2024 16:39:00.080286980 CEST128349738176.67.83.30192.168.2.4
                        May 21, 2024 16:39:00.080368996 CEST497381283192.168.2.4176.67.83.30
                        May 21, 2024 16:39:21.485315084 CEST128349738176.67.83.30192.168.2.4
                        May 21, 2024 16:39:21.485440016 CEST497381283192.168.2.4176.67.83.30
                        May 21, 2024 16:39:31.483042002 CEST497391283192.168.2.4176.67.83.30
                        May 21, 2024 16:39:31.488018036 CEST128349739176.67.83.30192.168.2.4
                        May 21, 2024 16:39:31.488126993 CEST497391283192.168.2.4176.67.83.30
                        May 21, 2024 16:39:52.850025892 CEST128349739176.67.83.30192.168.2.4
                        May 21, 2024 16:39:52.850178957 CEST497391283192.168.2.4176.67.83.30
                        May 21, 2024 16:39:58.887217045 CEST497401283192.168.2.4176.67.83.30
                        May 21, 2024 16:39:58.933902025 CEST128349740176.67.83.30192.168.2.4
                        May 21, 2024 16:39:58.935529947 CEST497401283192.168.2.4176.67.83.30
                        TimestampSource PortDest PortSource IPDest IP
                        May 21, 2024 16:38:59.747541904 CEST5449553192.168.2.41.1.1.1
                        May 21, 2024 16:39:00.072156906 CEST53544951.1.1.1192.168.2.4
                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                        May 21, 2024 16:38:59.747541904 CEST192.168.2.41.1.1.10x673Standard query (0)dns.dobiamfollollc.onlineA (IP address)IN (0x0001)false
                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                        May 21, 2024 16:39:00.072156906 CEST1.1.1.1192.168.2.40x673No error (0)dns.dobiamfollollc.online176.67.83.30A (IP address)IN (0x0001)false

                        Click to jump to process

                        Click to jump to process

                        Click to dive into process behavior distribution

                        Click to jump to process

                        Target ID:0
                        Start time:10:37:54
                        Start date:21/05/2024
                        Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                        Wow64 process (32bit):true
                        Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe"
                        Imagebase:0xbf0000
                        File size:248'320 bytes
                        MD5 hash:A3F767E76C8C6BAA9A154D576C7BA49D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_XenoRAT, Description: Yara detected XenoRAT, Source: 00000000.00000002.1646627649.0000000002F91000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        Reputation:low
                        Has exited:true

                        Target ID:1
                        Start time:10:37:54
                        Start date:21/05/2024
                        Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                        Wow64 process (32bit):true
                        Commandline:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                        Imagebase:0x6a0000
                        File size:248'320 bytes
                        MD5 hash:A3F767E76C8C6BAA9A154D576C7BA49D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:low
                        Has exited:true

                        Target ID:2
                        Start time:10:37:54
                        Start date:21/05/2024
                        Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                        Wow64 process (32bit):true
                        Commandline:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                        Imagebase:0x6e0000
                        File size:248'320 bytes
                        MD5 hash:A3F767E76C8C6BAA9A154D576C7BA49D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:low
                        Has exited:false

                        Target ID:3
                        Start time:10:37:54
                        Start date:21/05/2024
                        Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                        Wow64 process (32bit):true
                        Commandline:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                        Imagebase:0x7d0000
                        File size:248'320 bytes
                        MD5 hash:A3F767E76C8C6BAA9A154D576C7BA49D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_XenoRAT, Description: Yara detected XenoRAT, Source: 00000003.00000002.1631548350.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                        Reputation:low
                        Has exited:true

                        Target ID:4
                        Start time:10:37:55
                        Start date:21/05/2024
                        Path:C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                        Wow64 process (32bit):true
                        Commandline:"C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe"
                        Imagebase:0x1e0000
                        File size:248'320 bytes
                        MD5 hash:A3F767E76C8C6BAA9A154D576C7BA49D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_XenoRAT, Description: Yara detected XenoRAT, Source: 00000004.00000002.1655942411.0000000002796000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_XenoRAT, Description: Yara detected XenoRAT, Source: 00000004.00000002.1655942411.0000000002563000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        Antivirus matches:
                        • Detection: 100%, Avira
                        • Detection: 100%, Joe Sandbox ML
                        • Detection: 66%, ReversingLabs
                        Reputation:low
                        Has exited:true

                        Target ID:5
                        Start time:10:37:55
                        Start date:21/05/2024
                        Path:C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                        Wow64 process (32bit):true
                        Commandline:C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                        Imagebase:0x70000
                        File size:248'320 bytes
                        MD5 hash:A3F767E76C8C6BAA9A154D576C7BA49D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:low
                        Has exited:false

                        Target ID:6
                        Start time:10:37:55
                        Start date:21/05/2024
                        Path:C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                        Wow64 process (32bit):true
                        Commandline:C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                        Imagebase:0x910000
                        File size:248'320 bytes
                        MD5 hash:A3F767E76C8C6BAA9A154D576C7BA49D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:low
                        Has exited:true

                        Target ID:8
                        Start time:10:37:56
                        Start date:21/05/2024
                        Path:C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                        Wow64 process (32bit):true
                        Commandline:C:\Users\user\AppData\Roaming\XenoManager\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                        Imagebase:0x4e0000
                        File size:248'320 bytes
                        MD5 hash:A3F767E76C8C6BAA9A154D576C7BA49D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:low
                        Has exited:true

                        Target ID:10
                        Start time:10:37:56
                        Start date:21/05/2024
                        Path:C:\Windows\SysWOW64\WerFault.exe
                        Wow64 process (32bit):true
                        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 80
                        Imagebase:0xf70000
                        File size:483'680 bytes
                        MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        Target ID:15
                        Start time:10:38:55
                        Start date:21/05/2024
                        Path:C:\Windows\SysWOW64\schtasks.exe
                        Wow64 process (32bit):true
                        Commandline:"schtasks.exe" /Create /TN "bns" /XML "C:\Users\user\AppData\Local\Temp\tmp6D0A.tmp" /F
                        Imagebase:0x5a0000
                        File size:187'904 bytes
                        MD5 hash:48C2FE20575769DE916F48EF0676A965
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        Target ID:16
                        Start time:10:38:55
                        Start date:21/05/2024
                        Path:C:\Windows\System32\conhost.exe
                        Wow64 process (32bit):false
                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Imagebase:0x7ff7699e0000
                        File size:862'208 bytes
                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        Target ID:17
                        Start time:10:38:57
                        Start date:21/05/2024
                        Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                        Wow64 process (32bit):true
                        Commandline:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                        Imagebase:0xbd0000
                        File size:248'320 bytes
                        MD5 hash:A3F767E76C8C6BAA9A154D576C7BA49D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_XenoRAT, Description: Yara detected XenoRAT, Source: 00000011.00000002.2274209658.0000000002DF1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        Reputation:low
                        Has exited:true

                        Target ID:18
                        Start time:10:38:58
                        Start date:21/05/2024
                        Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                        Wow64 process (32bit):true
                        Commandline:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                        Imagebase:0xf50000
                        File size:248'320 bytes
                        MD5 hash:A3F767E76C8C6BAA9A154D576C7BA49D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:low
                        Has exited:true

                        Target ID:19
                        Start time:10:38:58
                        Start date:21/05/2024
                        Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                        Wow64 process (32bit):true
                        Commandline:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                        Imagebase:0xa30000
                        File size:248'320 bytes
                        MD5 hash:A3F767E76C8C6BAA9A154D576C7BA49D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:low
                        Has exited:true

                        Target ID:20
                        Start time:10:38:58
                        Start date:21/05/2024
                        Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                        Wow64 process (32bit):true
                        Commandline:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CoinminerX-gen.22200.11178.exe
                        Imagebase:0x30000
                        File size:248'320 bytes
                        MD5 hash:A3F767E76C8C6BAA9A154D576C7BA49D
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:low
                        Has exited:true

                        Target ID:22
                        Start time:10:38:58
                        Start date:21/05/2024
                        Path:C:\Windows\SysWOW64\WerFault.exe
                        Wow64 process (32bit):true
                        Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 80
                        Imagebase:0xf70000
                        File size:483'680 bytes
                        MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Reputation:high
                        Has exited:true

                        Reset < >

                          Execution Graph

                          Execution Coverage:20.5%
                          Dynamic/Decrypted Code Coverage:100%
                          Signature Coverage:16.6%
                          Total number of Nodes:301
                          Total number of Limit Nodes:8
                          execution_graph 16700 2db4cd0 16701 2db4d1d VirtualProtect 16700->16701 16702 2db4d89 16701->16702 16706 545f538 16707 545f55a 16706->16707 16754 2f6b612 16707->16754 16759 2f6ba72 16707->16759 16767 2f6b1b1 16707->16767 16772 2f6b91c 16707->16772 16777 2f6b0f8 16707->16777 16782 2f6bc86 16707->16782 16787 2f6b5a5 16707->16787 16792 2f6b1e5 16707->16792 16797 2f6b443 16707->16797 16805 2f6beb2 16707->16805 16810 2f6be41 16707->16810 16815 2f6b38d 16707->16815 16820 2f6b96d 16707->16820 16831 2f6b66a 16707->16831 16836 2f6b0e9 16707->16836 16708 545f634 16710 545f694 16708->16710 16841 2f6e0ac 16708->16841 16846 2f6da10 16708->16846 16851 2f6dbb8 16708->16851 16859 2f6e0e6 16708->16859 16864 2f6e765 16708->16864 16869 2f6dd42 16708->16869 16877 2f6df6f 16708->16877 16882 2f6e688 16708->16882 16887 2f6deaf 16708->16887 16892 2f6dae8 16708->16892 16897 2f6da0e 16708->16897 16902 2f6db27 16708->16902 16907 2f6e253 16708->16907 16915 2f6e492 16708->16915 16920 2f6e433 16708->16920 16709 545f6e0 16710->16709 16925 55a0453 16710->16925 16930 55a0af9 16710->16930 16935 55a06d7 16710->16935 16940 55a0e90 16710->16940 16948 55a0742 16710->16948 16953 55a0d30 16710->16953 16961 55a05d6 16710->16961 16966 55a0809 16710->16966 16971 55a0932 16710->16971 16976 55a0ccc 16710->16976 16981 55a01a5 16710->16981 16989 55a00f9 16710->16989 16994 55a0245 16710->16994 16755 2f6b616 16754->16755 17000 2f6d2b0 16755->17000 17004 2f6d2b8 16755->17004 16756 2f6b759 16760 2f6ba7e 16759->16760 17008 2f6c830 16760->17008 17013 2f6c820 16760->17013 16761 2f6bacb 17018 2f6d190 16761->17018 17022 2f6d198 16761->17022 16762 2f6bb09 16768 2f6b183 16767->16768 17034 2f6d091 16768->17034 17038 2f6d098 16768->17038 16769 2f6c025 16769->16708 16773 2f6b928 16772->16773 16775 2f6c830 2 API calls 16773->16775 16776 2f6c820 2 API calls 16773->16776 16774 2f6b944 16775->16774 16776->16774 16778 2f6b12c 16777->16778 16780 2f6d091 NtResumeThread 16778->16780 16781 2f6d098 NtResumeThread 16778->16781 16779 2f6c025 16779->16708 16780->16779 16781->16779 16783 2f6bc92 16782->16783 16785 2f6d091 NtResumeThread 16783->16785 16786 2f6d098 NtResumeThread 16783->16786 16784 2f6bcd1 16785->16784 16786->16784 16788 2f6b5aa 16787->16788 16790 2f6d2b0 NtWriteVirtualMemory 16788->16790 16791 2f6d2b8 NtWriteVirtualMemory 16788->16791 16789 2f6b759 16790->16789 16791->16789 16793 2f6b183 16792->16793 16795 2f6d091 NtResumeThread 16793->16795 16796 2f6d098 NtResumeThread 16793->16796 16794 2f6c025 16794->16708 16795->16794 16796->16794 16798 2f6b44f 16797->16798 16801 2f6d2b0 NtWriteVirtualMemory 16798->16801 16802 2f6d2b8 NtWriteVirtualMemory 16798->16802 16799 2f6b4e9 16803 2f6c830 2 API calls 16799->16803 16804 2f6c820 2 API calls 16799->16804 16800 2f6b537 16801->16799 16802->16799 16803->16800 16804->16800 16806 2f6bebe 16805->16806 17042 2f6d460 16806->17042 17046 2f6d459 16806->17046 16807 2f6bee3 16811 2f6be4d 16810->16811 16813 2f6d460 NtSetContextThread 16811->16813 16814 2f6d459 NtSetContextThread 16811->16814 16812 2f6be72 16813->16812 16814->16812 16816 2f6b39f 16815->16816 16818 2f6c830 2 API calls 16816->16818 16819 2f6c820 2 API calls 16816->16819 16817 2f6b40d 16818->16817 16819->16817 16821 2f6b979 16820->16821 16825 2f6c830 2 API calls 16821->16825 16826 2f6c820 2 API calls 16821->16826 16822 2f6b9d0 16827 2f6d2b0 NtWriteVirtualMemory 16822->16827 16828 2f6d2b8 NtWriteVirtualMemory 16822->16828 16823 2f6ba0c 16829 2f6c830 2 API calls 16823->16829 16830 2f6c820 2 API calls 16823->16830 16824 2f6ba3b 16825->16822 16826->16822 16827->16823 16828->16823 16829->16824 16830->16824 16832 2f6b672 16831->16832 16834 2f6d2b0 NtWriteVirtualMemory 16832->16834 16835 2f6d2b8 NtWriteVirtualMemory 16832->16835 16833 2f6b759 16834->16833 16835->16833 16837 2f6b0f8 16836->16837 16839 2f6d091 NtResumeThread 16837->16839 16840 2f6d098 NtResumeThread 16837->16840 16838 2f6c025 16838->16708 16839->16838 16840->16838 16842 2f6e0b0 16841->16842 16844 2f6d2b0 NtWriteVirtualMemory 16842->16844 16845 2f6d2b8 NtWriteVirtualMemory 16842->16845 16843 2f6e18c 16844->16843 16845->16843 16847 2f6da44 16846->16847 16849 2f6d091 NtResumeThread 16847->16849 16850 2f6d098 NtResumeThread 16847->16850 16848 2f6e937 16848->16710 16849->16848 16850->16848 16852 2f6dbc4 16851->16852 17050 2f6eb67 16852->17050 17055 2f6eb78 16852->17055 16853 2f6dc11 16857 2f6d190 VirtualAllocEx 16853->16857 16858 2f6d198 VirtualAllocEx 16853->16858 16854 2f6dc4f 16857->16854 16858->16854 16860 2f6e0f2 16859->16860 16862 2f6d2b0 NtWriteVirtualMemory 16860->16862 16863 2f6d2b8 NtWriteVirtualMemory 16860->16863 16861 2f6e18c 16862->16861 16863->16861 16865 2f6e77a 16864->16865 16867 2f6eb67 2 API calls 16865->16867 16868 2f6eb78 2 API calls 16865->16868 16866 2f6e796 16867->16866 16868->16866 16870 2f6dd5a 16869->16870 16873 2f6eb67 2 API calls 16870->16873 16874 2f6eb78 2 API calls 16870->16874 16871 2f6de3d 16875 2f6d2b0 NtWriteVirtualMemory 16871->16875 16876 2f6d2b8 NtWriteVirtualMemory 16871->16876 16872 2f6de79 16873->16871 16874->16871 16875->16872 16876->16872 16878 2f6df9a 16877->16878 16880 2f6eb67 2 API calls 16878->16880 16881 2f6eb78 2 API calls 16878->16881 16879 2f6dfb6 16880->16879 16881->16879 16883 2f6e6a0 16882->16883 16885 2f6d460 NtSetContextThread 16883->16885 16886 2f6d459 NtSetContextThread 16883->16886 16884 2f6e74e 16885->16884 16886->16884 16888 2f6debb 16887->16888 16890 2f6d460 NtSetContextThread 16888->16890 16891 2f6d459 NtSetContextThread 16888->16891 16889 2f6dee0 16890->16889 16891->16889 16893 2f6daba 16892->16893 16893->16892 16895 2f6d091 NtResumeThread 16893->16895 16896 2f6d098 NtResumeThread 16893->16896 16894 2f6e937 16894->16710 16895->16894 16896->16894 16898 2f6da10 16897->16898 16900 2f6d091 NtResumeThread 16898->16900 16901 2f6d098 NtResumeThread 16898->16901 16899 2f6e937 16899->16710 16900->16899 16901->16899 16903 2f6daba 16902->16903 16905 2f6d091 NtResumeThread 16903->16905 16906 2f6d098 NtResumeThread 16903->16906 16904 2f6e937 16904->16710 16905->16904 16906->16904 16908 2f6e25f 16907->16908 16913 2f6eb67 2 API calls 16908->16913 16914 2f6eb78 2 API calls 16908->16914 16909 2f6e27b 16911 2f6d091 NtResumeThread 16909->16911 16912 2f6d098 NtResumeThread 16909->16912 16910 2f6e36b 16911->16910 16912->16910 16913->16909 16914->16909 16916 2f6e4ae 16915->16916 16918 2f6d2b0 NtWriteVirtualMemory 16916->16918 16919 2f6d2b8 NtWriteVirtualMemory 16916->16919 16917 2f6e536 16918->16917 16919->16917 16921 2f6e43f 16920->16921 16923 2f6eb67 2 API calls 16921->16923 16924 2f6eb78 2 API calls 16921->16924 16922 2f6e45b 16923->16922 16924->16922 16926 55a046b 16925->16926 16928 2f6d460 NtSetContextThread 16926->16928 16929 2f6d459 NtSetContextThread 16926->16929 16927 55a0519 16928->16927 16929->16927 16931 55a0b05 16930->16931 16933 2f6d091 NtResumeThread 16931->16933 16934 2f6d098 NtResumeThread 16931->16934 16932 55a0b44 16933->16932 16934->16932 16936 55a06e3 16935->16936 16938 2f6d091 NtResumeThread 16936->16938 16939 2f6d098 NtResumeThread 16936->16939 16937 55a0721 16938->16937 16939->16937 16941 55a0e9c 16940->16941 17060 55a1210 16941->17060 17065 55a1200 16941->17065 16942 55a0ef3 16946 2f6d2b0 NtWriteVirtualMemory 16942->16946 16947 2f6d2b8 NtWriteVirtualMemory 16942->16947 16943 55a0f2f 16946->16943 16947->16943 16949 55a074e 16948->16949 16951 2f6d2b0 NtWriteVirtualMemory 16949->16951 16952 2f6d2b8 NtWriteVirtualMemory 16949->16952 16950 55a07e8 16951->16950 16952->16950 16954 55a0d3c 16953->16954 16957 55a1210 2 API calls 16954->16957 16958 55a1200 2 API calls 16954->16958 16955 55a0d89 16959 2f6d190 VirtualAllocEx 16955->16959 16960 2f6d198 VirtualAllocEx 16955->16960 16956 55a0dc7 16957->16955 16958->16955 16959->16956 16960->16956 16962 55a05e8 16961->16962 17070 2f6c245 16962->17070 17074 2f6c250 16962->17074 16967 55a0815 16966->16967 16969 2f6d460 NtSetContextThread 16967->16969 16970 2f6d459 NtSetContextThread 16967->16970 16968 55a083a 16969->16968 16970->16968 16972 55a094e 16971->16972 16974 2f6d2b0 NtWriteVirtualMemory 16972->16974 16975 2f6d2b8 NtWriteVirtualMemory 16972->16975 16973 55a09d6 16974->16973 16975->16973 16977 55a0cd8 16976->16977 16979 55a1210 2 API calls 16977->16979 16980 55a1200 2 API calls 16977->16980 16978 55a0cf4 16979->16978 16980->16978 16982 55a01ba 16981->16982 16987 55a1210 2 API calls 16982->16987 16988 55a1200 2 API calls 16982->16988 16983 55a01d6 16985 55a1210 2 API calls 16983->16985 16986 55a1200 2 API calls 16983->16986 16984 55a021a 16985->16984 16986->16984 16987->16983 16988->16983 16990 55a0124 16989->16990 16992 55a1210 2 API calls 16990->16992 16993 55a1200 2 API calls 16990->16993 16991 55a00cb 16991->16710 16992->16991 16993->16991 16995 55a024e 16994->16995 16996 55a01e7 16994->16996 16998 55a1210 2 API calls 16996->16998 16999 55a1200 2 API calls 16996->16999 16997 55a021a 16998->16997 16999->16997 17001 2f6d301 NtWriteVirtualMemory 17000->17001 17003 2f6d39a 17001->17003 17003->16756 17005 2f6d301 NtWriteVirtualMemory 17004->17005 17007 2f6d39a 17005->17007 17007->16756 17010 2f6c854 17008->17010 17009 2f6c8fd 17009->16761 17010->17009 17026 2f6cee0 17010->17026 17030 2f6cedc 17010->17030 17015 2f6c830 17013->17015 17014 2f6c8fd 17014->16761 17015->17014 17016 2f6cee0 NtReadVirtualMemory 17015->17016 17017 2f6cedc NtReadVirtualMemory 17015->17017 17016->17015 17017->17015 17019 2f6d198 VirtualAllocEx 17018->17019 17021 2f6d254 17019->17021 17021->16762 17023 2f6d1dc VirtualAllocEx 17022->17023 17025 2f6d254 17023->17025 17025->16762 17027 2f6cf2c NtReadVirtualMemory 17026->17027 17029 2f6cfa4 17027->17029 17029->17010 17031 2f6cee0 NtReadVirtualMemory 17030->17031 17033 2f6cfa4 17031->17033 17033->17010 17035 2f6d098 NtResumeThread 17034->17035 17037 2f6d133 17035->17037 17037->16769 17039 2f6d0dc NtResumeThread 17038->17039 17041 2f6d133 17039->17041 17041->16769 17043 2f6d4a9 NtSetContextThread 17042->17043 17045 2f6d521 17043->17045 17045->16807 17047 2f6d460 NtSetContextThread 17046->17047 17049 2f6d521 17047->17049 17049->16807 17052 2f6eb9c 17050->17052 17051 2f6ec45 17051->16853 17052->17051 17053 2f6cee0 NtReadVirtualMemory 17052->17053 17054 2f6cedc NtReadVirtualMemory 17052->17054 17053->17052 17054->17052 17057 2f6eb9c 17055->17057 17056 2f6ec45 17056->16853 17057->17056 17058 2f6cee0 NtReadVirtualMemory 17057->17058 17059 2f6cedc NtReadVirtualMemory 17057->17059 17058->17057 17059->17057 17061 55a1234 17060->17061 17062 55a127a 17061->17062 17063 2f6cee0 NtReadVirtualMemory 17061->17063 17064 2f6cedc NtReadVirtualMemory 17061->17064 17062->16942 17063->17061 17064->17061 17067 55a1234 17065->17067 17066 55a127a 17066->16942 17067->17066 17068 2f6cee0 NtReadVirtualMemory 17067->17068 17069 2f6cedc NtReadVirtualMemory 17067->17069 17068->17067 17069->17067 17072 2f6c2e0 CreateProcessW 17070->17072 17073 2f6c6b4 17072->17073 17075 2f6c2e0 CreateProcessW 17074->17075 17077 2f6c6b4 17075->17077

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 132 2dbead0-2dbeaf5 133 2dbeafc-2dbeb38 132->133 134 2dbeaf7 132->134 136 2dbeb40-2dbeb42 133->136 134->133 137 2dbeb45 136->137 138 2dbeb4c-2dbeb68 137->138 139 2dbeb6a 138->139 140 2dbeb71-2dbeb72 138->140 139->137 139->140 141 2dbebdb-2dbebe8 139->141 142 2dbee1a-2dbee3a 139->142 143 2dbeeda-2dbeee1 139->143 144 2dbedb9-2dbedc5 139->144 145 2dbee58-2dbee86 139->145 146 2dbee3f-2dbee53 139->146 147 2dbed3e-2dbed4a 139->147 148 2dbec1d-2dbec2f 139->148 149 2dbecd1-2dbece8 139->149 150 2dbeb77-2dbeb95 139->150 151 2dbeb97-2dbeba9 139->151 152 2dbec34-2dbec40 139->152 153 2dbee8b-2dbeea0 139->153 154 2dbed6b-2dbed7d 139->154 155 2dbebab-2dbebaf 139->155 156 2dbebed-2dbebf1 139->156 157 2dbeded-2dbedf9 139->157 158 2dbeced-2dbecf9 139->158 159 2dbed82-2dbed8e 139->159 160 2dbeca1-2dbeca5 139->160 161 2dbec85-2dbec9c 139->161 162 2dbeea5-2dbeeae 139->162 140->143 141->138 142->138 177 2dbedcc-2dbede8 144->177 178 2dbedc7 144->178 145->138 146->138 169 2dbed4c 147->169 170 2dbed51-2dbed66 147->170 148->138 149->138 150->138 151->138 173 2dbec42 152->173 174 2dbec47-2dbec5d 152->174 153->138 154->138 165 2dbebc2-2dbebc9 155->165 166 2dbebb1-2dbebc0 155->166 167 2dbebf3-2dbec02 156->167 168 2dbec04-2dbec0b 156->168 181 2dbedfb 157->181 182 2dbee00-2dbee15 157->182 163 2dbecfb 158->163 164 2dbed00-2dbed16 158->164 175 2dbed90 159->175 176 2dbed95-2dbedb4 159->176 179 2dbecb8-2dbecbf 160->179 180 2dbeca7-2dbecb6 160->180 161->138 171 2dbeec1-2dbeec8 162->171 172 2dbeeb0-2dbeebf 162->172 163->164 196 2dbed18 164->196 197 2dbed1d-2dbed39 164->197 185 2dbebd0-2dbebd6 165->185 166->185 187 2dbec12-2dbec18 167->187 168->187 169->170 170->138 188 2dbeecf-2dbeed5 171->188 172->188 173->174 199 2dbec5f 174->199 200 2dbec64-2dbec80 174->200 175->176 176->138 177->138 178->177 189 2dbecc6-2dbeccc 179->189 180->189 181->182 182->138 185->138 187->138 188->138 189->138 196->197 197->138 199->200 200->138
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646326729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2db0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: Up|q$7B$7B$+n$+n
                          • API String ID: 0-253064779
                          • Opcode ID: 1b96dba7223a5f52fd0a102ebf780e71b89f23622e0f19a570b81478b73fabcc
                          • Instruction ID: d944daefcc0517bf83a072c18bd7e0de3211b292b0f059edf493e718fb3e933b
                          • Opcode Fuzzy Hash: 1b96dba7223a5f52fd0a102ebf780e71b89f23622e0f19a570b81478b73fabcc
                          • Instruction Fuzzy Hash: 8ED1F674D0420ADFDB05CF95C5958EEFBB2FF88300B649655D416AB314D734AA42CF98

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 314 2db58b0-2db58d0 315 2db58d2-2db590c 314->315 316 2db5927-2db595b 314->316 317 2db595e-2db5973 315->317 324 2db590e-2db5924 315->324 316->317 319 2db597a-2db59c6 call 2db0158 317->319 320 2db5975 317->320 326 2db59c9 319->326 320->319 324->316 327 2db59d0-2db59ec 326->327 328 2db59ee 327->328 329 2db59f5-2db59f6 327->329 328->326 328->329 330 2db59fb-2db5a16 328->330 331 2db5a3a-2db5a3e 328->331 332 2db5bb8-2db5bd7 328->332 333 2db5a18-2db5a1e 328->333 334 2db5b7f-2db5bb3 328->334 335 2db5bdc-2db5c10 328->335 336 2db5b33-2db5b4a 328->336 337 2db5c15-2db5c93 call 2db0168 328->337 338 2db5a6a-2db5a7c 328->338 339 2db5b4f-2db5b53 328->339 340 2db5acc-2db5afb 328->340 341 2db5a81-2db5a99 328->341 342 2db5b00-2db5b0d 328->342 329->337 330->327 345 2db5a51-2db5a58 331->345 346 2db5a40-2db5a4f 331->346 332->327 370 2db5a20 call 2db61b8 333->370 371 2db5a20 call 2db61a8 333->371 334->327 335->327 336->327 367 2db5c95 call 2db71ae 337->367 368 2db5c95 call 2db6b90 337->368 369 2db5c95 call 2db6ba0 337->369 338->327 343 2db5b66-2db5b6d 339->343 344 2db5b55-2db5b64 339->344 340->327 358 2db5a9b-2db5aaa 341->358 359 2db5aac-2db5ab3 341->359 372 2db5b10 call 2db5cf8 342->372 373 2db5b10 call 2db5ce8 342->373 352 2db5b74-2db5b7a 343->352 344->352 347 2db5a5f-2db5a65 345->347 346->347 347->327 352->327 356 2db5a26-2db5a38 356->327 361 2db5aba-2db5ac7 358->361 359->361 361->327 362 2db5b16-2db5b2e 362->327 366 2db5c9b-2db5ca5 367->366 368->366 369->366 370->356 371->356 372->362 373->362
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646326729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2db0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: Tedq$Tedq$+
                          • API String ID: 0-287916069
                          • Opcode ID: e7e1abe80b263bcf3264436142b8395d5bd6b83ac64291f0f47fb96a5997981f
                          • Instruction ID: abaab1c6ca898cf63331fc039497cfcaf58d02e6298fae8e3d9044c28db7c69c
                          • Opcode Fuzzy Hash: e7e1abe80b263bcf3264436142b8395d5bd6b83ac64291f0f47fb96a5997981f
                          • Instruction Fuzzy Hash: 16D126B4E04249DFDB05CFA6D894AEEBBB2FF8A300F60856AD445AB354D7319901CF64

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 522 5459fa0-5459fc3 523 5459fc5 522->523 524 5459fca-545a016 522->524 523->524 527 545a019 524->527 528 545a020-545a03c 527->528 529 545a045-545a046 528->529 530 545a03e 528->530 537 545a255-545a2d3 529->537 530->527 530->529 531 545a1c1-545a1f5 530->531 532 545a080-545a084 530->532 533 545a108-545a137 530->533 534 545a188-545a1bc 530->534 535 545a04b-545a050 530->535 536 545a0d5-545a103 530->536 530->537 538 545a0b0-545a0b6 530->538 539 545a13c-545a153 530->539 540 545a23e-545a250 530->540 541 545a21e-545a239 530->541 542 545a158-545a15c 530->542 543 545a1fa-545a219 530->543 531->528 546 545a097-545a09e 532->546 547 545a086-545a095 532->547 533->528 534->528 544 545a063-545a06a 535->544 545 545a052-545a061 535->545 536->528 565 545a2db-545a2e5 537->565 558 545a0be-545a0d0 538->558 539->528 540->528 541->528 548 545a16f-545a176 542->548 549 545a15e-545a16d 542->549 543->528 554 545a071-545a07e 544->554 545->554 556 545a0a5-545a0ab 546->556 547->556 550 545a17d-545a183 548->550 549->550 550->528 554->528 556->528 558->528
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649483505.0000000005450000.00000040.00000800.00020000.00000000.sdmp, Offset: 05450000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_5450000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: Tedq$Tedq
                          • API String ID: 0-4137347946
                          • Opcode ID: fa12e9c49378017b57a3e171b6ef22ca147a5cc80e9746a1a371a8d0e9293f18
                          • Instruction ID: 518c83c998d7eb01a143087fa490ec39688af4430bbd7cecf896d60f32754404
                          • Opcode Fuzzy Hash: fa12e9c49378017b57a3e171b6ef22ca147a5cc80e9746a1a371a8d0e9293f18
                          • Instruction Fuzzy Hash: 80B1D2B4E14219CFDB04CFAAC9809EEBBB2BF88311F20952AD816BB355D7359901CF54

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 668 2f6b0f8-2f6b12a 669 2f6b131-2f6b1a2 668->669 670 2f6b12c 668->670 672 2f6b1a4 669->672 673 2f6b1ab-2f6bfe5 669->673 670->669 672->673 675 2f6bfe7 673->675 676 2f6bfec-2f6c020 673->676 675->676 686 2f6c023 call 2f6d091 676->686 687 2f6c023 call 2f6d098 676->687 678 2f6c025-2f6c0a9 680 2f6c0aa 678->680 681 2f6c0b4-2f6c0d3 680->681 682 2f6c0d5 681->682 683 2f6c0dc-2f6c0dd 681->683 682->680 684 2f6c103-2f6c10d 682->684 685 2f6c0df-2f6c101 682->685 683->684 683->685 685->681 686->678 687->678
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646508988.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2f60000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: &\zE$&\zE
                          • API String ID: 0-87988005
                          • Opcode ID: 190e3a0e4864c1556b241e912006b6bff788cfc48b730f66e44ba34b6fd50463
                          • Instruction ID: e8321460c8a5cb76ace48530b9f2c8fbb029b7c9308ea8c6eb6f3026a0906bc0
                          • Opcode Fuzzy Hash: 190e3a0e4864c1556b241e912006b6bff788cfc48b730f66e44ba34b6fd50463
                          • Instruction Fuzzy Hash: B7412971E052288BDB18CF6AC9446EEFBF6EBC9340F14C1AAD948A7214DB305A91CF40

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 735 2f6c250-2f6c30a 737 2f6c3c2-2f6c3d7 735->737 738 2f6c310-2f6c34b 735->738 739 2f6c487-2f6c48b 737->739 740 2f6c3dd-2f6c423 737->740 752 2f6c383-2f6c394 738->752 753 2f6c34d-2f6c355 738->753 741 2f6c4d5-2f6c526 739->741 742 2f6c48d-2f6c4cf 739->742 758 2f6c425-2f6c42d 740->758 759 2f6c461-2f6c46c 740->759 745 2f6c5de-2f6c5f0 741->745 746 2f6c52c-2f6c567 741->746 742->741 749 2f6c5f2-2f6c60a 745->749 750 2f6c60d-2f6c61f 745->750 778 2f6c59f-2f6c5b0 746->778 779 2f6c569-2f6c571 746->779 749->750 755 2f6c621-2f6c639 750->755 756 2f6c63c-2f6c6b2 CreateProcessW 750->756 768 2f6c39a-2f6c3ba 752->768 760 2f6c357-2f6c361 753->760 761 2f6c378-2f6c381 753->761 755->756 762 2f6c6b4-2f6c6ba 756->762 763 2f6c6bb-2f6c6fc 756->763 764 2f6c450-2f6c45f 758->764 765 2f6c42f-2f6c439 758->765 776 2f6c472-2f6c481 759->776 766 2f6c365-2f6c374 760->766 767 2f6c363 760->767 761->768 762->763 781 2f6c713-2f6c72a 763->781 782 2f6c6fe-2f6c70d 763->782 764->776 773 2f6c43d-2f6c44c 765->773 774 2f6c43b 765->774 766->766 775 2f6c376 766->775 767->766 768->737 773->773 783 2f6c44e 773->783 774->773 775->761 776->739 786 2f6c5b6-2f6c5d6 778->786 784 2f6c594-2f6c59d 779->784 785 2f6c573-2f6c57d 779->785 793 2f6c743-2f6c753 781->793 794 2f6c72c-2f6c738 781->794 782->781 783->764 784->786 788 2f6c581-2f6c590 785->788 789 2f6c57f 785->789 786->745 788->788 792 2f6c592 788->792 789->788 792->784 795 2f6c755-2f6c764 793->795 796 2f6c76a-2f6c7ad 793->796 794->793 795->796 801 2f6c7af-2f6c7b3 796->801 802 2f6c7bd-2f6c7c1 796->802 801->802 803 2f6c7b5-2f6c7b8 call 2f60768 801->803 804 2f6c7c3-2f6c7c7 802->804 805 2f6c7d1-2f6c7d5 802->805 803->802 804->805 807 2f6c7c9-2f6c7cc call 2f60768 804->807 808 2f6c7d7-2f6c7db 805->808 809 2f6c7e5 805->809 807->805 808->809 811 2f6c7dd-2f6c7e0 call 2f60768 808->811 812 2f6c7e6 809->812 811->809 812->812
                          APIs
                          • CreateProcessW.KERNELBASE(?,00000000,?,?,?,?,?,?,?,?), ref: 02F6C69F
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646508988.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2f60000_SecuriteInfo.jbxd
                          Similarity
                          • API ID: CreateProcess
                          • String ID:
                          • API String ID: 963392458-0
                          • Opcode ID: 9670d58a3687e668ec77ff7788c733bd1823f4414728594fb58926eff1489edd
                          • Instruction ID: b34a1e8c05f32e39368b8718dca607c986e3681eed5a770819923d0351c268ad
                          • Opcode Fuzzy Hash: 9670d58a3687e668ec77ff7788c733bd1823f4414728594fb58926eff1489edd
                          • Instruction Fuzzy Hash: 7502D270E012288FDB64CFA9C888BADBBB1FF49304F1091AAD559B7350DB349A85CF54

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 814 2f6c245-2f6c30a 816 2f6c3c2-2f6c3d7 814->816 817 2f6c310-2f6c34b 814->817 818 2f6c487-2f6c48b 816->818 819 2f6c3dd-2f6c423 816->819 831 2f6c383-2f6c394 817->831 832 2f6c34d-2f6c355 817->832 820 2f6c4d5-2f6c526 818->820 821 2f6c48d-2f6c4cf 818->821 837 2f6c425-2f6c42d 819->837 838 2f6c461-2f6c46c 819->838 824 2f6c5de-2f6c5f0 820->824 825 2f6c52c-2f6c567 820->825 821->820 828 2f6c5f2-2f6c60a 824->828 829 2f6c60d-2f6c61f 824->829 857 2f6c59f-2f6c5b0 825->857 858 2f6c569-2f6c571 825->858 828->829 834 2f6c621-2f6c639 829->834 835 2f6c63c-2f6c6b2 CreateProcessW 829->835 847 2f6c39a-2f6c3ba 831->847 839 2f6c357-2f6c361 832->839 840 2f6c378-2f6c381 832->840 834->835 841 2f6c6b4-2f6c6ba 835->841 842 2f6c6bb-2f6c6fc 835->842 843 2f6c450-2f6c45f 837->843 844 2f6c42f-2f6c439 837->844 855 2f6c472-2f6c481 838->855 845 2f6c365-2f6c374 839->845 846 2f6c363 839->846 840->847 841->842 860 2f6c713-2f6c72a 842->860 861 2f6c6fe-2f6c70d 842->861 843->855 852 2f6c43d-2f6c44c 844->852 853 2f6c43b 844->853 845->845 854 2f6c376 845->854 846->845 847->816 852->852 862 2f6c44e 852->862 853->852 854->840 855->818 865 2f6c5b6-2f6c5d6 857->865 863 2f6c594-2f6c59d 858->863 864 2f6c573-2f6c57d 858->864 872 2f6c743-2f6c753 860->872 873 2f6c72c-2f6c738 860->873 861->860 862->843 863->865 867 2f6c581-2f6c590 864->867 868 2f6c57f 864->868 865->824 867->867 871 2f6c592 867->871 868->867 871->863 874 2f6c755-2f6c764 872->874 875 2f6c76a-2f6c7ad 872->875 873->872 874->875 880 2f6c7af-2f6c7b3 875->880 881 2f6c7bd-2f6c7c1 875->881 880->881 882 2f6c7b5-2f6c7b8 call 2f60768 880->882 883 2f6c7c3-2f6c7c7 881->883 884 2f6c7d1-2f6c7d5 881->884 882->881 883->884 886 2f6c7c9-2f6c7cc call 2f60768 883->886 887 2f6c7d7-2f6c7db 884->887 888 2f6c7e5 884->888 886->884 887->888 890 2f6c7dd-2f6c7e0 call 2f60768 887->890 891 2f6c7e6 888->891 890->888 891->891
                          APIs
                          • CreateProcessW.KERNELBASE(?,00000000,?,?,?,?,?,?,?,?), ref: 02F6C69F
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646508988.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2f60000_SecuriteInfo.jbxd
                          Similarity
                          • API ID: CreateProcess
                          • String ID:
                          • API String ID: 963392458-0
                          • Opcode ID: e72666032b7135bc20d82fbc9ddba3b582cebab5ae77e1b225e76acedb7f754d
                          • Instruction ID: 804895745f38e8c624bbd3955b8781341b8c7b046d9970105b814c86f82db8fe
                          • Opcode Fuzzy Hash: e72666032b7135bc20d82fbc9ddba3b582cebab5ae77e1b225e76acedb7f754d
                          • Instruction Fuzzy Hash: AFF1D2B4E012188FDB24CFA9C888BADBBB1FF49304F1491AAD559B7350DB349985CF54
                          APIs
                          • NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02F6D388
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646508988.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2f60000_SecuriteInfo.jbxd
                          Similarity
                          • API ID: MemoryVirtualWrite
                          • String ID:
                          • API String ID: 3527976591-0
                          • Opcode ID: 296a3176a46dd3a871ae2407cc313e9feb8a6c60cd1cee909e443c36a02701ca
                          • Instruction ID: ec728b260ec7fc47c37d356d1e2dbe6d1f5cbd8ead4e167623e9312dfeb45aeb
                          • Opcode Fuzzy Hash: 296a3176a46dd3a871ae2407cc313e9feb8a6c60cd1cee909e443c36a02701ca
                          • Instruction Fuzzy Hash: 8E41AAB4E012589FCF00CFA9D985AEEFBF1FB49314F24902AE818B7250D334AA45CB54
                          APIs
                          • NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 02F6D388
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646508988.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2f60000_SecuriteInfo.jbxd
                          Similarity
                          • API ID: MemoryVirtualWrite
                          • String ID:
                          • API String ID: 3527976591-0
                          • Opcode ID: 2d51d19d30960903c8bbfdb274f0757baeb3c1ee4c057a492d230bbe6d662f26
                          • Instruction ID: 35e8989af24d1837de3cc53d5c9eec8c390223a8a144822427c1fd7f562f32be
                          • Opcode Fuzzy Hash: 2d51d19d30960903c8bbfdb274f0757baeb3c1ee4c057a492d230bbe6d662f26
                          • Instruction Fuzzy Hash: 30419AB5E012589FCF00CFA9D984AEEFBF1FB49314F14902AE418B7250D735AA45CB54
                          APIs
                          • NtReadVirtualMemory.NTDLL(?,?,?,?,?), ref: 02F6CF92
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646508988.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2f60000_SecuriteInfo.jbxd
                          Similarity
                          • API ID: MemoryReadVirtual
                          • String ID:
                          • API String ID: 2834387570-0
                          • Opcode ID: 4fbda8ad4a1e424538465b291ab8111f697b92a64a61f0fb790df5fb32eee08e
                          • Instruction ID: e32bb8b4940327d90e1a4d03a784e94ed9f7a4c36ca63fa2481003cbb445f513
                          • Opcode Fuzzy Hash: 4fbda8ad4a1e424538465b291ab8111f697b92a64a61f0fb790df5fb32eee08e
                          • Instruction Fuzzy Hash: 6D41AAB9D042589FCF00CFAAD885AEEFBB1FB49310F14942AE855B7240D735A945CF64
                          APIs
                          • NtReadVirtualMemory.NTDLL(?,?,?,?,?), ref: 02F6CF92
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646508988.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2f60000_SecuriteInfo.jbxd
                          Similarity
                          • API ID: MemoryReadVirtual
                          • String ID:
                          • API String ID: 2834387570-0
                          • Opcode ID: 377913be99bbe96133b070b4b63329be90ca9b9381b0d15373e72185bf11795f
                          • Instruction ID: aabc9fe39470805842e5c6f60967a9645a1c8812a7b78eca4ecd68d7597bce6b
                          • Opcode Fuzzy Hash: 377913be99bbe96133b070b4b63329be90ca9b9381b0d15373e72185bf11795f
                          • Instruction Fuzzy Hash: 7141A9B5D042589FCF00CFAAD884AEEFBB1FB49310F10942AE855B7240D735A945CF64
                          APIs
                          • NtSetContextThread.NTDLL(?,?), ref: 02F6D50F
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646508988.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2f60000_SecuriteInfo.jbxd
                          Similarity
                          • API ID: ContextThread
                          • String ID:
                          • API String ID: 1591575202-0
                          • Opcode ID: 8120fed02aee1cbcc5a4775f569b2fccc6fe55017524debfc39d178efedb028e
                          • Instruction ID: 7e9eebcb3a13eb0b60454b52734991b5f6be9a2b8b90ac121f2e53952e3cf755
                          • Opcode Fuzzy Hash: 8120fed02aee1cbcc5a4775f569b2fccc6fe55017524debfc39d178efedb028e
                          • Instruction Fuzzy Hash: 7841BAB4E002589FCB14DFAAD985AEEBBF1EB49314F14802AE418B7240D738AA45CF54
                          APIs
                          • NtSetContextThread.NTDLL(?,?), ref: 02F6D50F
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646508988.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2f60000_SecuriteInfo.jbxd
                          Similarity
                          • API ID: ContextThread
                          • String ID:
                          • API String ID: 1591575202-0
                          • Opcode ID: 342ab38f7cd167b58ad831e4be5161c92c5e7480bedf62e1cc3274fb3a8496a9
                          • Instruction ID: eb88f3faac937a862ce1d636e2da11945b4e46370919e260af6446f9b3e3ae9f
                          • Opcode Fuzzy Hash: 342ab38f7cd167b58ad831e4be5161c92c5e7480bedf62e1cc3274fb3a8496a9
                          • Instruction Fuzzy Hash: BD31ACB5E012589FCB14DFAAD984AEEFBF1FB49314F14802AE419B7240D738A945CF54
                          APIs
                          • NtResumeThread.NTDLL(?,?), ref: 02F6D121
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646508988.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2f60000_SecuriteInfo.jbxd
                          Similarity
                          • API ID: ResumeThread
                          • String ID:
                          • API String ID: 947044025-0
                          • Opcode ID: d4f62c8d48c34096815a914f9fd7b17f1280724ec6c6285c887b6330e205fc08
                          • Instruction ID: b728139685e8101ffae2874689fdc878f574ab382ccb2fc7c3a7e9c0a432866a
                          • Opcode Fuzzy Hash: d4f62c8d48c34096815a914f9fd7b17f1280724ec6c6285c887b6330e205fc08
                          • Instruction Fuzzy Hash: 9C31B9B4E012189FDB10CFA9E984AEEFBF1EB49320F10942AE815B7200C775A9458B94
                          APIs
                          • NtResumeThread.NTDLL(?,?), ref: 02F6D121
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646508988.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2f60000_SecuriteInfo.jbxd
                          Similarity
                          • API ID: ResumeThread
                          • String ID:
                          • API String ID: 947044025-0
                          • Opcode ID: 74886135d9fedaae499fd4873c465ff78e801b677b77dbf06db8b89178314f3d
                          • Instruction ID: bb637263897e7cac7dd03aa0490f3a753c7d3bdf3eca11e46f2f08eaa93fb2f6
                          • Opcode Fuzzy Hash: 74886135d9fedaae499fd4873c465ff78e801b677b77dbf06db8b89178314f3d
                          • Instruction Fuzzy Hash: 6831A9B4E012189FDB10CFA9D984A9EFBF5FB49310F10942AE815B7340C775A945CF94
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646326729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2db0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: <
                          • API String ID: 0-4251816714
                          • Opcode ID: ad9ca2a7b100df7cc6ef2c9f7f5e58424cbc5fa241a940f725fe385bd872e69a
                          • Instruction ID: a27d08c09baf12b5f50b1af1cdb890be9033542833c644338532fed3571bba4b
                          • Opcode Fuzzy Hash: ad9ca2a7b100df7cc6ef2c9f7f5e58424cbc5fa241a940f725fe385bd872e69a
                          • Instruction Fuzzy Hash: 7E912971E04659CFDB55CFAAC8A46DDBFF2EF89310F1480A9D848AB215DB345986CF10
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646326729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2db0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: <
                          • API String ID: 0-4251816714
                          • Opcode ID: 2a42d9b9dd0a714567a127ae5294668eb86337303e93fce115c2601eb827a17f
                          • Instruction ID: 5407297b51c037c918017cc1e52577e3ca664c9dd526abe34c7a805a3133b998
                          • Opcode Fuzzy Hash: 2a42d9b9dd0a714567a127ae5294668eb86337303e93fce115c2601eb827a17f
                          • Instruction Fuzzy Hash: 1371C471E01659CFDB59CFAAC8546DDBBF2BF89300F14C0AAD408AB225EB345A85CF50
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646508988.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2f60000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: l)F
                          • API String ID: 0-2224871270
                          • Opcode ID: 1a68288e9785531cb3786e66096e6ca034d2f75438c69c5e2756510a06bf1acd
                          • Instruction ID: 35b905ea7b58d2c681c74389aa14368217b9a8ddabed06172c17178afb32ab45
                          • Opcode Fuzzy Hash: 1a68288e9785531cb3786e66096e6ca034d2f75438c69c5e2756510a06bf1acd
                          • Instruction Fuzzy Hash: 9D51CA75E042198FDB54CF69C944BAAFBB2EF89310F14C0AAD90DA7315DB315A81CF41
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646326729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2db0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: p
                          • API String ID: 0-2181537457
                          • Opcode ID: 6a9ef4ac070c78dbd759e7f30c97befc2b6b9abb26e94293dd2c8898ec456f9b
                          • Instruction ID: bcbd939b2a49f0c4632fc44cc8850bb4b9a04fbefbc2d066b369e0be95416026
                          • Opcode Fuzzy Hash: 6a9ef4ac070c78dbd759e7f30c97befc2b6b9abb26e94293dd2c8898ec456f9b
                          • Instruction Fuzzy Hash: 1E41C575E00219CFEB58DFAAD850B9EBBB7AFC8300F14C0AAD409A6254DB305A45CF61
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649483505.0000000005450000.00000040.00000800.00020000.00000000.sdmp, Offset: 05450000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_5450000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 0081e4d737258c84b16567ffa5153af9bc97ac41a8d569f2fbf97a86f8712a8b
                          • Instruction ID: e9a20e435ab54525477ffd594ee6dc7d687e22a7f13bd61125c2181b7f474a9a
                          • Opcode Fuzzy Hash: 0081e4d737258c84b16567ffa5153af9bc97ac41a8d569f2fbf97a86f8712a8b
                          • Instruction Fuzzy Hash: FBD10A70D0520ADFCB04CFA9C5818EEFBB2FF89310B24D556D916AB255D734AA82CF94
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646508988.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2f60000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 61495171af0cd00e8b391a77cc81f99ba4b440e966a304d73221c4cb94004bbb
                          • Instruction ID: b6277349124af6a69025bb2a05b37c5d1253d0c4053c7a94a91b70ea3e748e29
                          • Opcode Fuzzy Hash: 61495171af0cd00e8b391a77cc81f99ba4b440e966a304d73221c4cb94004bbb
                          • Instruction Fuzzy Hash: 15A12375E042198FCB08CFA9D9946DEFBF2FF8A300F14852AD44AAB355EB349841CB54
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646326729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2db0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f83bbf354b122d387e97447eb44a7fc1064885d7dd999ab219beaf02a145cdbc
                          • Instruction ID: ca13e29ed4b837fef789d1a3a61550c947fc73f100a8312f63e776792f695d96
                          • Opcode Fuzzy Hash: f83bbf354b122d387e97447eb44a7fc1064885d7dd999ab219beaf02a145cdbc
                          • Instruction Fuzzy Hash: 24A1BFB4E15219CFDB18CFA9C954AEEBBB2FF89300F20952AD41AAB354D7349901CF54
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646508988.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2f60000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c7463c10d3ff8f40789ef2518046b81bb3f2f0e755399929b9905af39897fd3d
                          • Instruction ID: 5064c2d9db3a19de1ac4bb5431ba703f5f2c6decd51802aa964ed16ec5f8f031
                          • Opcode Fuzzy Hash: c7463c10d3ff8f40789ef2518046b81bb3f2f0e755399929b9905af39897fd3d
                          • Instruction Fuzzy Hash: 2691E175E042198FCB48CFA9D9946AEFBB2FF89300F14D42AD50AA7358EB349841CF54
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646326729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2db0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: fd380a760026a187d4a0665fc83c145c8eac1b2a6d41bcda851b4759d3d5d1e0
                          • Instruction ID: a3dcde2fd8b1126f3e47c9b41e19856686db6256c3c12c05f91ba5d0207d96f5
                          • Opcode Fuzzy Hash: fd380a760026a187d4a0665fc83c145c8eac1b2a6d41bcda851b4759d3d5d1e0
                          • Instruction Fuzzy Hash: 73A1A374E00218DFDB15DFA9D9A4A9DBBF2FF88305F24852AE816AB354DB309941CF50
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646326729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2db0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 21b44faf8927e5b9c113dcc638fd53e7eb8ff24b4129e9780cdfb637c53dc9b0
                          • Instruction ID: 8e8dfc9bb5c08df5f658198e727474076f762b13961307e920e817edc1fadaf0
                          • Opcode Fuzzy Hash: 21b44faf8927e5b9c113dcc638fd53e7eb8ff24b4129e9780cdfb637c53dc9b0
                          • Instruction Fuzzy Hash: 346138B1D05219DFCB05CFA5C5546EEBBB2BF89300F10892AE416AB394DB349D41CF54
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646326729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2db0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2b7b7d303dc51f55d42c4703ffc76ffa430d5f5c467408180149b69c9b817753
                          • Instruction ID: c12c984d9a8b69e9b214abf6ca1998531720d299b56a0eb58ff989d4ac89ebeb
                          • Opcode Fuzzy Hash: 2b7b7d303dc51f55d42c4703ffc76ffa430d5f5c467408180149b69c9b817753
                          • Instruction Fuzzy Hash: BE51E0B0E05209CBDB08CFAAD5506AEFBF6BF89200F24D42AD45AA6354D7349A41CF94
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646326729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2db0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b1c2dfd3aa0f41e83adae8ef6582d507f323430f792bcae80ded0d84854ab659
                          • Instruction ID: e6a72ec4df65b5e7afadebe77e80ec52639e4e7fe9c4ce64f68526bf38d42b11
                          • Opcode Fuzzy Hash: b1c2dfd3aa0f41e83adae8ef6582d507f323430f792bcae80ded0d84854ab659
                          • Instruction Fuzzy Hash: B551E5B0E05209CBDB08CFAAD5506AEFBF2BF89200F64D46AD45AA7354D7349A41CF94
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649483505.0000000005450000.00000040.00000800.00020000.00000000.sdmp, Offset: 05450000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_5450000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: e31d90496a7540b12912eebbcf7f831aecc4bef385df6703ce0b248fd9063067
                          • Instruction ID: 621a44e8046bba8c1ba8c8a867c4878494b5670a06268a8821f4ed63b8394611
                          • Opcode Fuzzy Hash: e31d90496a7540b12912eebbcf7f831aecc4bef385df6703ce0b248fd9063067
                          • Instruction Fuzzy Hash: A9412271E116188BEB5CCF6B9D4079EFAF7BFC9200F14C1BA950CAA219DB3416868F11
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646326729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2db0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 4a2172063d86cc8650cb8eb1bce40f00e89b16eec8c731a9b01c567220c098a3
                          • Instruction ID: 6febb4a8f1fd1a1ac4db45b496ad58468811043c501c5ac44436ae535c218e54
                          • Opcode Fuzzy Hash: 4a2172063d86cc8650cb8eb1bce40f00e89b16eec8c731a9b01c567220c098a3
                          • Instruction Fuzzy Hash: EF413171E016588BEB5DCF6B8D5079EFAF7AFC8200F14C1BAD50CAA218DB3456418F11
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646326729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2db0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: aa43d8745009c44bcb186cb686245bffaed5c94f308ee508ea3482bcfcd17890
                          • Instruction ID: ea2f68ffa035ff337995bce5e5358590bc2a1a68755c90c99484b53965c435dc
                          • Opcode Fuzzy Hash: aa43d8745009c44bcb186cb686245bffaed5c94f308ee508ea3482bcfcd17890
                          • Instruction Fuzzy Hash: FC414171E016588BEB6DCF6B8C4178AFBF7AFC8200F14C5BAD44CAA218DB3416468F11
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649483505.0000000005450000.00000040.00000800.00020000.00000000.sdmp, Offset: 05450000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_5450000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 44138cfbc6bed9f370d94e211e4d820ab209650eb2fe7e3d80acfdaf14b9954a
                          • Instruction ID: 9205d6e7e570e4f2a028a20c617d3baa7139fdb271ee247e6dd6aa7cae2b7843
                          • Opcode Fuzzy Hash: 44138cfbc6bed9f370d94e211e4d820ab209650eb2fe7e3d80acfdaf14b9954a
                          • Instruction Fuzzy Hash: 52412071E016588BEB5DCF6B8D4078EFAF7AFC9200F14C1BA954CAA269DB3406468F11
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646326729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2db0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 48b6022890dcede55b01c6f88642aba88233898be3280d22fbad96b7687cfb9e
                          • Instruction ID: 054459d7bde8a430274a8f2a71c3e983e30740d0a7b3c587a1892c8722562eb6
                          • Opcode Fuzzy Hash: 48b6022890dcede55b01c6f88642aba88233898be3280d22fbad96b7687cfb9e
                          • Instruction Fuzzy Hash: DD21F3B1E006188BEB18CF9AD8547DEFBB2AFC8310F14C16AD509AA358DB341945CF90
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646326729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2db0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 00cb33563225437ce8129e676de7b4f72d6b92b6ad62b92ea0d12984d5964e7b
                          • Instruction ID: 276c12f6d26eb5a98cdff755a9c3b0f55ca13c7b7c1d7407b45af3e19a11ac9b
                          • Opcode Fuzzy Hash: 00cb33563225437ce8129e676de7b4f72d6b92b6ad62b92ea0d12984d5964e7b
                          • Instruction Fuzzy Hash: CC21B6B1E006588BEB18CFAAD9547DEBBF3AFC8310F14C16AD409A6258DB745945CF50

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 723 54560fa-545619a 728 54561a5-5456202 723->728 732 5456204-5456219 728->732 733 545621b-5456225 728->733 734 545622f-545623b 732->734 733->734
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649483505.0000000005450000.00000040.00000800.00020000.00000000.sdmp, Offset: 05450000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_5450000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: XP_$XP_
                          • API String ID: 0-374244083
                          • Opcode ID: 19e8a4e317bb8acdc708b4f59d9e518d6dbe72176a775d5c0aa37276f81fa56e
                          • Instruction ID: a7b2c310e9f3ee1cc185390e8054bbe5a8d12642d74439c928fa2084f100f4c9
                          • Opcode Fuzzy Hash: 19e8a4e317bb8acdc708b4f59d9e518d6dbe72176a775d5c0aa37276f81fa56e
                          • Instruction Fuzzy Hash: 44315F78E01229CFCBA5DF25C988A99BBBABB49311F5091DAD80DA7314DB705EC18F41

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 893 2db4c11-2db4c24 894 2db4c6e-2db4d87 VirtualProtect 893->894 895 2db4c26-2db4c54 893->895 898 2db4d89-2db4d8f 894->898 899 2db4d90-2db4dcc 894->899 895->894 898->899
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646326729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2db0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 5e2e4679c41a87f55c273a9dd386b0410c3883abc55ec895effc5e736b2fc76a
                          • Instruction ID: 26ed5ffddbf6e68ab174eb1e1710e914c67131feb087800ced6aa28571f019ba
                          • Opcode Fuzzy Hash: 5e2e4679c41a87f55c273a9dd386b0410c3883abc55ec895effc5e736b2fc76a
                          • Instruction Fuzzy Hash: 69511174908249DFCB05CFAAD4A9ADDFFB0FF0A310F15919AD894AB211C7349885CF54

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 902 2db4c55-2db4c58 903 2db4c5a-2db4c9b 902->903 904 2db4c9e-2db4d87 VirtualProtect 902->904 903->904 907 2db4d89-2db4d8f 904->907 908 2db4d90-2db4dcc 904->908 907->908
                          APIs
                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 02DB4D77
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646326729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2db0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID: ProtectVirtual
                          • String ID:
                          • API String ID: 544645111-0
                          • Opcode ID: a368046af5cb706f1effdd30c578cfe5ed78f44ae9ff93222d4bf1f67259ae7f
                          • Instruction ID: bb0de7d88574bacf3724600fd329bbd7b3d1d03a2309b0e8cbaf81e7d2945a32
                          • Opcode Fuzzy Hash: a368046af5cb706f1effdd30c578cfe5ed78f44ae9ff93222d4bf1f67259ae7f
                          • Instruction Fuzzy Hash: F451FEB4908249DFCB05CFAAD4A9ADDFFB0FF0A310F15909AE854AB251C7349985CF64
                          APIs
                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 02F6D242
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646508988.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2f60000_SecuriteInfo.jbxd
                          Similarity
                          • API ID: AllocVirtual
                          • String ID:
                          • API String ID: 4275171209-0
                          • Opcode ID: 45e36e061dc14c11b4e54740d92abcb1f519e2e6d93b70d27646473726b57f4d
                          • Instruction ID: eb17acdd91dc953bb5328c1b701a91fcbcb786ce8ac37dcde6ddb19356693a32
                          • Opcode Fuzzy Hash: 45e36e061dc14c11b4e54740d92abcb1f519e2e6d93b70d27646473726b57f4d
                          • Instruction Fuzzy Hash: 0231A9B8E002589FCF10CFA9D984AEEFBB1FB49310F10941AE914B7200D735A941CF54
                          APIs
                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 02F6D242
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646508988.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2f60000_SecuriteInfo.jbxd
                          Similarity
                          • API ID: AllocVirtual
                          • String ID:
                          • API String ID: 4275171209-0
                          • Opcode ID: 87258ab221f7edf3b6b8949f7e614a039fed3022f27919d6fd669cd55611879d
                          • Instruction ID: e5e817f3284da6cd9e1f0c0f67aa02995410e136dc08c9d501b4841849fc84f3
                          • Opcode Fuzzy Hash: 87258ab221f7edf3b6b8949f7e614a039fed3022f27919d6fd669cd55611879d
                          • Instruction Fuzzy Hash: 713197B8E002589FCF10CFA9D984AAEFBB1FB49310F10A42AE915B7210D735A905CF58
                          APIs
                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 02DB4D77
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646326729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2db0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID: ProtectVirtual
                          • String ID:
                          • API String ID: 544645111-0
                          • Opcode ID: 56e1634356ac5b3775f0d222a4a355843cb4eada64685024ce5b50d0a7d004f8
                          • Instruction ID: 28144446cd81b7df096cdb6147c6d9dbe95ddfb94ea67bff0977935bc081985b
                          • Opcode Fuzzy Hash: 56e1634356ac5b3775f0d222a4a355843cb4eada64685024ce5b50d0a7d004f8
                          • Instruction Fuzzy Hash: CF3188B9D042589FCB10CFA9E984ADEFBB1AB09310F14906AE815B7350D735A945CF64
                          APIs
                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 02DBA28F
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646326729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2db0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID: ProtectVirtual
                          • String ID:
                          • API String ID: 544645111-0
                          • Opcode ID: 70af2752633af259d49010d8d5342890f3a5b697f9b291453272bce26b1f31af
                          • Instruction ID: b328f33d009f5a145a802ebacdbe0389d540ad6e00c84ab0c897f8f22847e21c
                          • Opcode Fuzzy Hash: 70af2752633af259d49010d8d5342890f3a5b697f9b291453272bce26b1f31af
                          • Instruction Fuzzy Hash: 8D31A8B8D042589FCB10CFA9D884ADEFBB1AF19310F24A02AE815B7310D335A944CF64
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649580416.00000000055A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_55a0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: RLZ
                          • API String ID: 0-98947901
                          • Opcode ID: 98fa613bd7820d76b04e054ce2944a46bba46f5bd818d475e71d19eb695e3c49
                          • Instruction ID: d07f66ea0c3f9f550e61d8ea47960933a4f7c8612f2552920c024748904e72ba
                          • Opcode Fuzzy Hash: 98fa613bd7820d76b04e054ce2944a46bba46f5bd818d475e71d19eb695e3c49
                          • Instruction Fuzzy Hash: 7F51C275E00609DFCB14CFEAD9509EEBBB2BF88310F10852AD519AB354EB349942CF90
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649580416.00000000055A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_55a0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: RLZ
                          • API String ID: 0-98947901
                          • Opcode ID: 88a30039cea46b7583950c30e51d58c429511fc8d7db9892a0834b834fc02183
                          • Instruction ID: 03ac7b924f7d402d19a0d0f000ec7f0e7e6d99561d51ed8aa5832cbb21d889d9
                          • Opcode Fuzzy Hash: 88a30039cea46b7583950c30e51d58c429511fc8d7db9892a0834b834fc02183
                          • Instruction Fuzzy Hash: D851D275E04209DFCB04CFE9C9509EEBBB2BF89310F14852AD819AB354E7349942CF90
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649580416.00000000055A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_55a0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: ,
                          • API String ID: 0-3772416878
                          • Opcode ID: 75a06be737b41661adbd9e670079ca76ca02a4b417f1147ed6a36fab7d7ade2e
                          • Instruction ID: 6737332e68e433012c2ca7ae16376dd49f732e2dab718263a4ebf4927a4630f9
                          • Opcode Fuzzy Hash: 75a06be737b41661adbd9e670079ca76ca02a4b417f1147ed6a36fab7d7ade2e
                          • Instruction Fuzzy Hash: 0811DA75E152249FDB54CB58CD98BEDBBF6BB48300F148596E508E7354EB30AE808F50
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649483505.0000000005450000.00000040.00000800.00020000.00000000.sdmp, Offset: 05450000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_5450000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: $dq
                          • API String ID: 0-847773763
                          • Opcode ID: 87460e51d1a37c19fbaca7a01f51a6c7f38dc9d7a88979171026c910ed093eac
                          • Instruction ID: e81fe728b82f5bf162c38ed0a70c469467db252bd0af38b24c5efe55d08cf944
                          • Opcode Fuzzy Hash: 87460e51d1a37c19fbaca7a01f51a6c7f38dc9d7a88979171026c910ed093eac
                          • Instruction Fuzzy Hash: 22117FB4908229CFCF66DF25D84469EBBB6BB89301F1095EAD40DA7350DB315E819F80
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649483505.0000000005450000.00000040.00000800.00020000.00000000.sdmp, Offset: 05450000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_5450000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: <
                          • API String ID: 0-4251816714
                          • Opcode ID: e5a66f61fff68c8449e5f9f741bf06c3db033e36b220146a3a2ed5dd182d0442
                          • Instruction ID: 8bf53612fd9b60800cadd43cc16963fbfb3f4b8078106c9fce0196fbf830a855
                          • Opcode Fuzzy Hash: e5a66f61fff68c8449e5f9f741bf06c3db033e36b220146a3a2ed5dd182d0442
                          • Instruction Fuzzy Hash: F80116B0E102698FCB28CF28C855BE9BBB5FF49304F0486E9C1496B260C7B05AC1CF50
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649483505.0000000005450000.00000040.00000800.00020000.00000000.sdmp, Offset: 05450000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_5450000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6f0b4fcfff0e1cda6b7125aa357ebbd8d77c8c6e02f30e96d0182e81b7e885d9
                          • Instruction ID: 85689753f24043bdffe484584b9b1b095dfb673e9ff20283bb9790af08694101
                          • Opcode Fuzzy Hash: 6f0b4fcfff0e1cda6b7125aa357ebbd8d77c8c6e02f30e96d0182e81b7e885d9
                          • Instruction Fuzzy Hash: 2861A1B8D00219DFCB44DFA9D99469DBBB2FF88311F20812AD816A7355DB316D85CF80
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649483505.0000000005450000.00000040.00000800.00020000.00000000.sdmp, Offset: 05450000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_5450000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 032cf751ebac4fca19c8f1739d7c023d82b6fdbea65d88ba127b8e5b3834ec65
                          • Instruction ID: f27c10ee677972814e9e887fc871073becfe2ca160eaa0cf61cc44136ed50b6c
                          • Opcode Fuzzy Hash: 032cf751ebac4fca19c8f1739d7c023d82b6fdbea65d88ba127b8e5b3834ec65
                          • Instruction Fuzzy Hash: 4E31A5B4E042099FCB44CFAAC580AAEFBF2FB88311F10856AD919A7755D7749A41CF50
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649580416.00000000055A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_55a0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 3f27f5e3404419066b599687aeec7e4c14fdbeea542a8b88e7f9b849a46404f2
                          • Instruction ID: 4ad632e99901db04617c5a9edf1fd32e009a7233efbb49001d7b2eca8721ad6c
                          • Opcode Fuzzy Hash: 3f27f5e3404419066b599687aeec7e4c14fdbeea542a8b88e7f9b849a46404f2
                          • Instruction Fuzzy Hash: 22218375E011189FCB58DB58CD95BEDBBB1BB88300F148199A509A7351DB30AE81CF90
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649483505.0000000005450000.00000040.00000800.00020000.00000000.sdmp, Offset: 05450000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_5450000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 415fa968a65dce59eba23e8c8693d1838d221b99a8bba3c03483abe463279fa6
                          • Instruction ID: 6ed8534b139de788a7ce29fbcb43d0b400ec3aa4e7fa26c7fd712868d838f9d8
                          • Opcode Fuzzy Hash: 415fa968a65dce59eba23e8c8693d1838d221b99a8bba3c03483abe463279fa6
                          • Instruction Fuzzy Hash: E511BCB9C14248AFCB41CBA4CC457EEBBB0EB41311F5892ABCC95C7312D330864ACB05
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649483505.0000000005450000.00000040.00000800.00020000.00000000.sdmp, Offset: 05450000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_5450000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f78e0ddeee72219c05d32aee0c9c1800622d9c39a5b1fc6a5337732cefdea98f
                          • Instruction ID: d70dee7dd04415517a7446419f2c8022b65a5d9629973de3ff139b9a6fe9d31a
                          • Opcode Fuzzy Hash: f78e0ddeee72219c05d32aee0c9c1800622d9c39a5b1fc6a5337732cefdea98f
                          • Instruction Fuzzy Hash: BF11CBBAC10348ABCB428BA8CC417E9BBB0EB51311F5892ABDCD5C2302D330860ACB45
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649483505.0000000005450000.00000040.00000800.00020000.00000000.sdmp, Offset: 05450000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_5450000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1ffcdce1dd4f8a261c84124cef40b2d3f984bc198f2ab9fba1a87e778821b65e
                          • Instruction ID: 952577bd43283cd9a93220de14bef1e2a104106090d6563cbc708749b24feaa7
                          • Opcode Fuzzy Hash: 1ffcdce1dd4f8a261c84124cef40b2d3f984bc198f2ab9fba1a87e778821b65e
                          • Instruction Fuzzy Hash: F511ACBAC14248ABCB429E74CC457E9BBB0EB51311F5892AADCE5D6352D330960ADB05
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649580416.00000000055A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_55a0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 7d9306aefe7326ee0c9bbcf5e8a79acf9bfef467a5b3862764e677db6f532b30
                          • Instruction ID: f91b559bf1c05ea3b214f365f6969bb9fecbd71e4ed008ff4789fc8b0677df85
                          • Opcode Fuzzy Hash: 7d9306aefe7326ee0c9bbcf5e8a79acf9bfef467a5b3862764e677db6f532b30
                          • Instruction Fuzzy Hash: 9F215A74A012288FCB60DF28C984ADDBBB1EB49310F1081DAE90DA7354DB30AE81CF84
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649580416.00000000055A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_55a0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: ec944931ff9e2af5a86fba71bc34f5a6e1ddd4f3ca375479167563f8db4d1ed6
                          • Instruction ID: 33a0354d99404001854a205fe03674a49cb5c04beb500c047d94dcecdcada5c0
                          • Opcode Fuzzy Hash: ec944931ff9e2af5a86fba71bc34f5a6e1ddd4f3ca375479167563f8db4d1ed6
                          • Instruction Fuzzy Hash: F4217E74A011699FDB64CBA8C994B9DBBF1BB48310F14C5EA9809A7365E7319E81CF40
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649580416.00000000055A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_55a0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1013f59eab9962e84467626240f80d2bbc652a42b460035d87b350c57f031770
                          • Instruction ID: f0e1c2fe630a122ce040940d535aae413e4d4de351a028fc2a127628f06ae768
                          • Opcode Fuzzy Hash: 1013f59eab9962e84467626240f80d2bbc652a42b460035d87b350c57f031770
                          • Instruction Fuzzy Hash: AF11A475A012299FDB60DB68C954BADBBB5FB48314F1480E9E90CE7361D7309E819F50
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649580416.00000000055A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_55a0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c3b3f793d00ab741d1692a1e63f574b8a334e116701e8df9af00a9a2281a97e1
                          • Instruction ID: 91172f458f7804796ce1ac253cd0e411870fc01f70ec83dc750a78d53908a2fa
                          • Opcode Fuzzy Hash: c3b3f793d00ab741d1692a1e63f574b8a334e116701e8df9af00a9a2281a97e1
                          • Instruction Fuzzy Hash: 0D11B470E012188FDB64CB58C994BADBBB2BB48310F0485E9D909AB2A1DB309E81CF51
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649580416.00000000055A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_55a0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 19c46fa5da21474083178300f8aee004e3769b582845b0a02e835178cfd34334
                          • Instruction ID: 436cef640813282877ebf8307487389d92c68d0496813ba0cb3ee322cd275a20
                          • Opcode Fuzzy Hash: 19c46fa5da21474083178300f8aee004e3769b582845b0a02e835178cfd34334
                          • Instruction Fuzzy Hash: 4E0197B6D112149FDB54EB58CC55BEEB7FAEB89310F00C0A6E409E2390D731AD808F64
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649580416.00000000055A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_55a0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 501b791215a480cfb88b8ecbd00b288bcc1cf68b019036a3dd90c3838bef08f9
                          • Instruction ID: 29ca2bbe9eff6a388abd2dcd859b35a73c1200b539bf2d78274ccf35a557ed49
                          • Opcode Fuzzy Hash: 501b791215a480cfb88b8ecbd00b288bcc1cf68b019036a3dd90c3838bef08f9
                          • Instruction Fuzzy Hash: AF216D74A05228DFCB60DF64C999AE9BBB2FB49310F1085DAD94DA7350DB319E81CF80
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649483505.0000000005450000.00000040.00000800.00020000.00000000.sdmp, Offset: 05450000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_5450000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6e7bac3b61df6af7ae1a1f90151aece050881e7113d0ddd0514fae49e60cf46a
                          • Instruction ID: 5cceb43b0b19b1b4517a76fcdde2b1fbc19b801ce14e5da96cd8841c272b4cd8
                          • Opcode Fuzzy Hash: 6e7bac3b61df6af7ae1a1f90151aece050881e7113d0ddd0514fae49e60cf46a
                          • Instruction Fuzzy Hash: A901A578E0420ADBCF04DFA5E4556EEBBB5FB48310F109526D916A3340DB342A55CFA2
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649483505.0000000005450000.00000040.00000800.00020000.00000000.sdmp, Offset: 05450000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_5450000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 862a773c73abd083b85b9542d268995a5a2d2ff9750c3e74f471b41366d8e8ff
                          • Instruction ID: 5642ba700309f90332572487c7812ec0a7e61af345f5bfabf178ada7376ebf9e
                          • Opcode Fuzzy Hash: 862a773c73abd083b85b9542d268995a5a2d2ff9750c3e74f471b41366d8e8ff
                          • Instruction Fuzzy Hash: F2011E74B012599FDB69CF24C950B9EB6BBBFC5600F5085EA848A6B344CE709ED1CF12
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649483505.0000000005450000.00000040.00000800.00020000.00000000.sdmp, Offset: 05450000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_5450000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 25510b903eb52af26d39312c1d5357b55ac442c5d87a2a5913db995b249612e4
                          • Instruction ID: 69e71db0b130996e6eb7908a4dd8c0f0a2e9c45c224bf1be907803a35345a85a
                          • Opcode Fuzzy Hash: 25510b903eb52af26d39312c1d5357b55ac442c5d87a2a5913db995b249612e4
                          • Instruction Fuzzy Hash: 95015F78E40208AFCB44DFA9C998A9EBBF5AF88310F55C1A9E8189B365D6349950DF40
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649580416.00000000055A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_55a0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 4178322c3f2ee2ad6509e6b918d7c6cbec4f7a3e272b84983e868bb6d70fd242
                          • Instruction ID: ddeb122ebef3c2433e0f856c1253eb0ea2742ad1171a396bc4dc9b3643313ec8
                          • Opcode Fuzzy Hash: 4178322c3f2ee2ad6509e6b918d7c6cbec4f7a3e272b84983e868bb6d70fd242
                          • Instruction Fuzzy Hash: 22F049B6D012189FDB55DB68CC90BAEBBBAFF8A300F0880A5E449A7364D7316D418F50
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649580416.00000000055A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_55a0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 48d2fc720ada8f85760ba0e9298de29cb50da6447efda1e03b2f85be3fcf29e2
                          • Instruction ID: ac00f2558e6593061088473a8e83524a865a988c6335fd58c3f99519d252176b
                          • Opcode Fuzzy Hash: 48d2fc720ada8f85760ba0e9298de29cb50da6447efda1e03b2f85be3fcf29e2
                          • Instruction Fuzzy Hash: D8F0DAB6A111159FDB18DE69C955BAEBAF6BB88300F10D566E009E7354E6309D818B20
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649483505.0000000005450000.00000040.00000800.00020000.00000000.sdmp, Offset: 05450000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_5450000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: bf3acba18a4ce2c15dd0b223a602429c918246949c9512e20c5a5a0bbff80765
                          • Instruction ID: e25f6056f6a4b0bcd3bf6b9b4a034efbfb27b36b6843067ed9c1d84d04b91c0e
                          • Opcode Fuzzy Hash: bf3acba18a4ce2c15dd0b223a602429c918246949c9512e20c5a5a0bbff80765
                          • Instruction Fuzzy Hash: 58F03A70C09359AFCB15DFA8D41169DBFB0BB05300F1089AAC89497241D7745A51CB81
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649580416.00000000055A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_55a0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 32301e5ebea21990daaaaaac0f072c7741acc2ebd7c4312a5afa28a84f9eb640
                          • Instruction ID: 82f76d2e50e8a1b6f320fc3cdbb9275ec69f3a022790fb9b0454005b3a49a198
                          • Opcode Fuzzy Hash: 32301e5ebea21990daaaaaac0f072c7741acc2ebd7c4312a5afa28a84f9eb640
                          • Instruction Fuzzy Hash: B6F06275D5022AABCF15DF90DD40AEDFBB6FF49304F1490AAA509A6260DB3159419F80
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649483505.0000000005450000.00000040.00000800.00020000.00000000.sdmp, Offset: 05450000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_5450000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 713d51c861dd75d2734b016ad901e41487b8ddcd7051d4c6bcea89ff0418de8f
                          • Instruction ID: 8bed35b6f6ab5c5a4061517d8a9c7b1801ae29aa3c75d65c26d24cba5eb8824c
                          • Opcode Fuzzy Hash: 713d51c861dd75d2734b016ad901e41487b8ddcd7051d4c6bcea89ff0418de8f
                          • Instruction Fuzzy Hash: 1CF05E74A01158CFEB04CF64C940B9EB7B2BB48300F00C1A79609B7344DB305A90CF24
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649580416.00000000055A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_55a0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 832d9d49a2e9282956eb16fb15d196cd9785f57f85d6987918206eccdf1b9fef
                          • Instruction ID: cb5973d51537e7b51a078388e93ec7f875eabbdb71be9d193e8228c55829f0fd
                          • Opcode Fuzzy Hash: 832d9d49a2e9282956eb16fb15d196cd9785f57f85d6987918206eccdf1b9fef
                          • Instruction Fuzzy Hash: 84F0E234A022298FDB64CF68C984A9DFBB1FB84314F1485DAC80DA7250DB31AA81CF54
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649580416.00000000055A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_55a0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1bfddda29f73bbbccc8cddbc57c7445a8d36141cf2711a35525aa25d3083e24e
                          • Instruction ID: b70a1f697ad7da025657e600a5e89d12dd5fe6eb2257dac61615eaf60a721509
                          • Opcode Fuzzy Hash: 1bfddda29f73bbbccc8cddbc57c7445a8d36141cf2711a35525aa25d3083e24e
                          • Instruction Fuzzy Hash: F3E06571D05208AFCB40EFB8C40829CBBB6EB44700F1042FAD818E3240E7308A90CB41
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649483505.0000000005450000.00000040.00000800.00020000.00000000.sdmp, Offset: 05450000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_5450000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 044101e0a8e285568a35a9c9a6afd6d82ba342802b7958050b90cf37e8712cee
                          • Instruction ID: c44281990450a992ad4a6c1a74bbf921046ba4e6123ef9bb699d23e79c6acb76
                          • Opcode Fuzzy Hash: 044101e0a8e285568a35a9c9a6afd6d82ba342802b7958050b90cf37e8712cee
                          • Instruction Fuzzy Hash: 2FE0ED70D00319EFCB44DFA8D4016AEBBF5FB04310F5086AAD818A7300D7715651DB81
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649483505.0000000005450000.00000040.00000800.00020000.00000000.sdmp, Offset: 05450000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_5450000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 11811fa598be85c2fc4eff39e462019190735ce0bb7c7cc02e6feba582d14bd8
                          • Instruction ID: be51a7efe1fe22fe9ccfec0f38a9c4835a55e216f2f9c478ddabfc1bc38e6a42
                          • Opcode Fuzzy Hash: 11811fa598be85c2fc4eff39e462019190735ce0bb7c7cc02e6feba582d14bd8
                          • Instruction Fuzzy Hash: D3E0E5B4D00218EFCB54EFB8D8056AEBBF0FB48310F5086AAD824A3300E7719690DB80
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649580416.00000000055A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_55a0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b85bb5e2fc7af826e58e1b6109afd7359e6c755574dd087673644e53041b7cd7
                          • Instruction ID: f5800bab29e931ce887222fcf4e815d1af2e9de4a19a4c31bf4f9a94f786a5fa
                          • Opcode Fuzzy Hash: b85bb5e2fc7af826e58e1b6109afd7359e6c755574dd087673644e53041b7cd7
                          • Instruction Fuzzy Hash: F3F09238A112198FDB54CF58C94499DFBB2FB4A354F54D49AD808AB350D731EE818F80
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649580416.00000000055A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_55a0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 9d33fb8211b7bff3704b088375aa782ab492f0546aac02856ab94f548541782f
                          • Instruction ID: 3349ac0576456a89c84b653d0a5e141cff915a8373587cfc2debfabd52b5b56e
                          • Opcode Fuzzy Hash: 9d33fb8211b7bff3704b088375aa782ab492f0546aac02856ab94f548541782f
                          • Instruction Fuzzy Hash: 8EE0BD70D01208AFCB94EFB8D4442ACBBB5EB48700F2081E9C818A7240E7359AA4CF81
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649483505.0000000005450000.00000040.00000800.00020000.00000000.sdmp, Offset: 05450000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_5450000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 8a171075847db0f26ec8c5ff4f0dccab4a04e08e64eb9ab8c349ffd06ac9959c
                          • Instruction ID: 937acf08676d4e2fb8fb27452c807b009d3523ca4eda8c19a36e4b64fc9338b0
                          • Opcode Fuzzy Hash: 8a171075847db0f26ec8c5ff4f0dccab4a04e08e64eb9ab8c349ffd06ac9959c
                          • Instruction Fuzzy Hash: 1DD05E71914214CACF00CB55C4007EDB3B5BB44310F10575A8145AB681CB349982CF05
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649483505.0000000005450000.00000040.00000800.00020000.00000000.sdmp, Offset: 05450000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_5450000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 57c2b799ef92622b128501738dcd7056c5bfedfe9d20d07b5ed86358c7193cdc
                          • Instruction ID: d6392eb0ca45ccf50cd342d3ae509c6db603e8890b224e3854e3b3ecd31c7110
                          • Opcode Fuzzy Hash: 57c2b799ef92622b128501738dcd7056c5bfedfe9d20d07b5ed86358c7193cdc
                          • Instruction Fuzzy Hash: 16D05E71E042598FCF14CE95C840B9EB7B5EF89350F00A5AA8509FB248D3349A82CF11
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649483505.0000000005450000.00000040.00000800.00020000.00000000.sdmp, Offset: 05450000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_5450000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c407b936967a3d03042d2f3d3e697acb4994be6ef02a09b3497ce9151ab3b73e
                          • Instruction ID: 6726e0bb61c6a0813815191cd09fe73841f925ba4a44eb0e2475c5d858440c70
                          • Opcode Fuzzy Hash: c407b936967a3d03042d2f3d3e697acb4994be6ef02a09b3497ce9151ab3b73e
                          • Instruction Fuzzy Hash: C4D05E74E0112A8ECF18CBA5C840BADF6B6AF88350F1495AB8509AB254D2309A828F14
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649483505.0000000005450000.00000040.00000800.00020000.00000000.sdmp, Offset: 05450000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_5450000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 9d24cafe73ccaa6f0fc0e9df589810b488ea36fb935237f642a951a7eba625fb
                          • Instruction ID: 5af9f12b9b14186075fd91b739f4cdad142af5437617b293c0379889b5eb0bdd
                          • Opcode Fuzzy Hash: 9d24cafe73ccaa6f0fc0e9df589810b488ea36fb935237f642a951a7eba625fb
                          • Instruction Fuzzy Hash: 50D01271A0021C8ACF44DF9DC800BEEB276BB56310F00575A8547BB240CA345686CF55
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649483505.0000000005450000.00000040.00000800.00020000.00000000.sdmp, Offset: 05450000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_5450000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 60c0f78984d227784bcfdfb534c7a07674f682c10192c44aab27dcff3d5942b1
                          • Instruction ID: bfde9ee75e3d01610b81932fc36d2cda895625015d255f96cae222552ee7f985
                          • Opcode Fuzzy Hash: 60c0f78984d227784bcfdfb534c7a07674f682c10192c44aab27dcff3d5942b1
                          • Instruction Fuzzy Hash: 10E0E23991012AAFCB26CB28C840798BBF9FB48311F0099969009AA228D7315F82CF10
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646326729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2db0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: ;,l&$;,l&$Pv-S
                          • API String ID: 0-4218426030
                          • Opcode ID: 7b9fcdc53bc148897d11970ee1bfcac7b44f6bce390e41fd1df49aec6b834696
                          • Instruction ID: 1c4f3ca6a036bd9cdb4fec98ea0a0700fa20790677df3c42ee3ce091a6d6e42b
                          • Opcode Fuzzy Hash: 7b9fcdc53bc148897d11970ee1bfcac7b44f6bce390e41fd1df49aec6b834696
                          • Instruction Fuzzy Hash: 6C61D174E05259CBCB44CFAAC5915DEFBF2EF88210F24942AD516B7314E3349A42CF64
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646508988.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2f60000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: #c]~$Xhq
                          • API String ID: 0-133469787
                          • Opcode ID: e9ab66132b4e7b1e8edd760e2f1eeedf1dd0e4f7eea285a0ee9b7da738b74dc2
                          • Instruction ID: 3d0f8aee011c8f1e394387c186168385af9f9060a6ee33fdddc56c0a92fa6301
                          • Opcode Fuzzy Hash: e9ab66132b4e7b1e8edd760e2f1eeedf1dd0e4f7eea285a0ee9b7da738b74dc2
                          • Instruction Fuzzy Hash: 1DB19471B04116CBDB282EB9845833BFAA7EFC4689F24892DD9478A2C5CF34CD85C755
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646508988.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2f60000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: PjiE$PjiE
                          • API String ID: 0-2622412323
                          • Opcode ID: 62c7751c910aaf908dd04fb3a9cb241f85f8f4becca51c1ffad10d7301f33119
                          • Instruction ID: eaf2536be45aa14d2ab846b260ac6a1019c8ef43dccbfc88dc0fbc19a1c4e9e9
                          • Opcode Fuzzy Hash: 62c7751c910aaf908dd04fb3a9cb241f85f8f4becca51c1ffad10d7301f33119
                          • Instruction Fuzzy Hash: 9C810574E14219CFCB14CFA5D980AAEFBB2FF89340F24D5AAD409AB215DB30A941CF14
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649483505.0000000005450000.00000040.00000800.00020000.00000000.sdmp, Offset: 05450000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_5450000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: >C`$>C`
                          • API String ID: 0-1550029338
                          • Opcode ID: 817e808b50d4e6cc4900f7bdd302f0052b9a27fb58f1f5dd5033bb7ab381db73
                          • Instruction ID: 9894227d3e80de7d7e410080071d48ea8ae4d26eba6e9fcade3b3c8d86fb02e7
                          • Opcode Fuzzy Hash: 817e808b50d4e6cc4900f7bdd302f0052b9a27fb58f1f5dd5033bb7ab381db73
                          • Instruction Fuzzy Hash: 935108B4E0520A9BCB08CFA9C5816EEFBB2EF89310F24D56AD805F7245D7349A41CB95
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649483505.0000000005450000.00000040.00000800.00020000.00000000.sdmp, Offset: 05450000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_5450000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: >C`$>C`
                          • API String ID: 0-1550029338
                          • Opcode ID: a6b2c106d5b595d447f8a59e5202e7e500ccba1a92f717e11c158f358beffd06
                          • Instruction ID: 4b630cccf0a8eb03ed32a031e4070a16630f748567cb171f2db112848389ec91
                          • Opcode Fuzzy Hash: a6b2c106d5b595d447f8a59e5202e7e500ccba1a92f717e11c158f358beffd06
                          • Instruction Fuzzy Hash: 5E511770E0560A9FCB08CFA9C5816EEFBF2EB89310F20D56AD805F7255D3349A41CB95
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646508988.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2f60000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: XN<
                          • API String ID: 0-2294712608
                          • Opcode ID: 8400b053bf9bff023b33b9d14c0b15add8859d3eaca5ec861992b21fac4a7791
                          • Instruction ID: 17002d28ca5aad55f7856401df2d6f34471f8e012484e82bb4905cd77b6a7517
                          • Opcode Fuzzy Hash: 8400b053bf9bff023b33b9d14c0b15add8859d3eaca5ec861992b21fac4a7791
                          • Instruction Fuzzy Hash: F9A15970E01219DFCB04CFA9D984AAEFBB2FF89304F24856AD515AB369DB309941CF50
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646508988.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2f60000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: XN<
                          • API String ID: 0-2294712608
                          • Opcode ID: a3fc32df1ef7fd88fd5d4078638213c89b0b603f4dbcf89be852f95cba2773b0
                          • Instruction ID: 59ea54af95cb85dd075aae474aa07fbbb651b8ef689e443006833d87b8713396
                          • Opcode Fuzzy Hash: a3fc32df1ef7fd88fd5d4078638213c89b0b603f4dbcf89be852f95cba2773b0
                          • Instruction Fuzzy Hash: 61915974E04219EFCB04CFA8D984AAEFBB2FF89344F24855AE515AB359DB309941CF50
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646508988.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2f60000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: PjiE
                          • API String ID: 0-494992313
                          • Opcode ID: d17b81fd83401d6ea7dc8e8927ac81c56e0e722a4d47b05025efd6cb7a4b65f7
                          • Instruction ID: e9b6dea09aba494b8756e34d34c259450857c640efe365f07bc69b511c48cdf6
                          • Opcode Fuzzy Hash: d17b81fd83401d6ea7dc8e8927ac81c56e0e722a4d47b05025efd6cb7a4b65f7
                          • Instruction Fuzzy Hash: 05812574E142198FCB14CFA5D980AAEFBB2FF89340F24C5AAD409AB214DB30A941CF14
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646326729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2db0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: (%B
                          • API String ID: 0-3669728902
                          • Opcode ID: 6b5179a0a61c7547f1f270f0079e78c53c6e3b5c86b531483864b62b4858b827
                          • Instruction ID: b6bbb63967fbdb94bef818ce11697164266b02707fa6e3bed238a2e8cf30c3c2
                          • Opcode Fuzzy Hash: 6b5179a0a61c7547f1f270f0079e78c53c6e3b5c86b531483864b62b4858b827
                          • Instruction Fuzzy Hash: D081EE74A14219DFCB04CFA9C5849AEBBF5FF89310B24955AE456EB320D330AE42CF51
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646326729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2db0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: +'C-
                          • API String ID: 0-4127123445
                          • Opcode ID: aaa4a4f152619cbf12352e116fa0e4271152eda7766292793f8b4bd8cb53d13f
                          • Instruction ID: 7541f9885f5ac378917fa9bb962b11b2a2b57e81097623a4cd9c51226d782660
                          • Opcode Fuzzy Hash: aaa4a4f152619cbf12352e116fa0e4271152eda7766292793f8b4bd8cb53d13f
                          • Instruction Fuzzy Hash: DB71E474E00219DFDB05CFA9D990A9DFBF2BF89300F24D56AD449AB369DB30A941CB50
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646508988.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2f60000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: =Rp
                          • API String ID: 0-4099705349
                          • Opcode ID: 2c77cb01336591a0743de910cfff7f20a3bcfcb3135edac2e2fd19072dc05469
                          • Instruction ID: 84bc35920c6953e721207bac5f6d974850facda0eeee269ec131ba15e3a9c674
                          • Opcode Fuzzy Hash: 2c77cb01336591a0743de910cfff7f20a3bcfcb3135edac2e2fd19072dc05469
                          • Instruction Fuzzy Hash: B0613871E04219DBCB04CFAAD9849AEFBB2FF88354F18D52AD519AB355D7309842CF50
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649483505.0000000005450000.00000040.00000800.00020000.00000000.sdmp, Offset: 05450000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_5450000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: p
                          • API String ID: 0-2181537457
                          • Opcode ID: cb1350b6a65ef38e709ef10d06f49de43c838b743651dd313497f3d92847ce2a
                          • Instruction ID: 5aad476107b48949ae96608ad1a6412092d143f3eeb16beba776a0f71fab86ec
                          • Opcode Fuzzy Hash: cb1350b6a65ef38e709ef10d06f49de43c838b743651dd313497f3d92847ce2a
                          • Instruction Fuzzy Hash: 4121C9B1E04618DBEB18CFABD8506DEFBF7AFC9200F14C0BAD518A6254DB341A458F51
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646326729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2db0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: p
                          • API String ID: 0-2181537457
                          • Opcode ID: 2badd768738e0156e83c0257eb1cf55beaebaaa108f0f052de09e298e001d19d
                          • Instruction ID: 86f54f711d373a0a715122e5a98557dd14a3bdd6799458f4b60c55a86a1ba51e
                          • Opcode Fuzzy Hash: 2badd768738e0156e83c0257eb1cf55beaebaaa108f0f052de09e298e001d19d
                          • Instruction Fuzzy Hash: F521A7B1E00618DBEB58CFABC850B9EFBF3AFC8300F14C1AAD518A6254EB3449458F51
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646508988.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2f60000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: &\zE
                          • API String ID: 0-316529737
                          • Opcode ID: cfa7aff210e97dbae1474db6af872ab272c20d70d72dd53e16708f0630f0ecff
                          • Instruction ID: 284ce8b0e132e1c58f04278cdd7ab2a86a14bb7678b49c4b57f442a29bf3f486
                          • Opcode Fuzzy Hash: cfa7aff210e97dbae1474db6af872ab272c20d70d72dd53e16708f0630f0ecff
                          • Instruction Fuzzy Hash: 9321DD71E046689BEB18CF6BDC446DEFAF7AFC5304F14C1BAD848A7214EB7019828E40
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646326729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2db0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: a970835e21b52d3c0032bb1e77271e1aa29486ebe93135466efd3011c9263ad3
                          • Instruction ID: 4c82a6aaab5e15de3996a8346c3b7ce5a0f2006f8ed92124aeaff1a0e0334d53
                          • Opcode Fuzzy Hash: a970835e21b52d3c0032bb1e77271e1aa29486ebe93135466efd3011c9263ad3
                          • Instruction Fuzzy Hash: 81F14974E04219DFCB05CFA9C9909AEFBB2FF88304F24855AE456AB359D730AD41CB90
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646508988.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2f60000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: a9b2c29ae00ef558601c0b11a72043420481fc14fd94bf13faba4114e70a3346
                          • Instruction ID: 2e4fc197d4f077be665d3640bb1d98c421b5a38e55a1511bec13073f6fb98d98
                          • Opcode Fuzzy Hash: a9b2c29ae00ef558601c0b11a72043420481fc14fd94bf13faba4114e70a3346
                          • Instruction Fuzzy Hash: DDC10874E102198FDB58CFAAD994A9EFBB2FF89340F24C5AAD409A7355DB309941CF10
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646508988.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2f60000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2675f4b463967942c24bd2dff15f2c1098a3fe41e49b7f0bbc93e552cf46f4d4
                          • Instruction ID: b9a5ab41fdf34554b2f26d5dc0f66643f2fda960394387c66535309953368ee5
                          • Opcode Fuzzy Hash: 2675f4b463967942c24bd2dff15f2c1098a3fe41e49b7f0bbc93e552cf46f4d4
                          • Instruction Fuzzy Hash: 42B10874E002188FDB18CFAAD954A9EFBB2FF89300F24C5AAD519A7355DB309941CF10
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649483505.0000000005450000.00000040.00000800.00020000.00000000.sdmp, Offset: 05450000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_5450000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 49a70f60ff9b5dffdcca82b811ad8593cf0f53fb7aa377c720d95277ee1a9249
                          • Instruction ID: 53e10418ab4e02e5b6ff2b00615475724fc4de41993f2ebb7db032a64d00ed57
                          • Opcode Fuzzy Hash: 49a70f60ff9b5dffdcca82b811ad8593cf0f53fb7aa377c720d95277ee1a9249
                          • Instruction Fuzzy Hash: 80B16270D04129AFDB14CF69C5909AEFBB3BF89314F14C55AE414AB31AD730A942CF50
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646508988.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2f60000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 24af80e91d633bc4a64aeb630a9127e0c629343c6532f55e233dc32e4d008b99
                          • Instruction ID: 7a0bb1948c8e1adff956a6b2621aaf0965b101271f7db6aaab5c52fc91e691c8
                          • Opcode Fuzzy Hash: 24af80e91d633bc4a64aeb630a9127e0c629343c6532f55e233dc32e4d008b99
                          • Instruction Fuzzy Hash: 87811674E14219CFCB14CFA9D984AAEFBB2FF89340F24D5AAD419AB215D730A941CF14
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646326729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2db0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 8f8fc3cc42e7392132d1b706f14055026f14992c1b55d3621d8ed5a6a4477e59
                          • Instruction ID: 46c2245716c97227faddb24dda4f6d2b7030a89153545d1f182e32ebc996cf7b
                          • Opcode Fuzzy Hash: 8f8fc3cc42e7392132d1b706f14055026f14992c1b55d3621d8ed5a6a4477e59
                          • Instruction Fuzzy Hash: CD81E274E1421ACFCB44CFA9C98499EFBF2FF89210F249569E415AB724D734AA42CF50
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649483505.0000000005450000.00000040.00000800.00020000.00000000.sdmp, Offset: 05450000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_5450000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f4c563ee63919c445adae688aa92653eee71338cbb8f0ce84e6368379f9b814a
                          • Instruction ID: 74933cdf5ab445c8a937230d211ad944814f093fb3591c523aad56fc80b183b9
                          • Opcode Fuzzy Hash: f4c563ee63919c445adae688aa92653eee71338cbb8f0ce84e6368379f9b814a
                          • Instruction Fuzzy Hash: 92711670E15209CFCB08CFD9D5805DEFBF6FB89220F24946AD805BB215E7349A528F64
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649483505.0000000005450000.00000040.00000800.00020000.00000000.sdmp, Offset: 05450000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_5450000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: ccd39e8f54abcec89327ee71c842e77c311b0db90bf55ef8b79ac2757b9971ad
                          • Instruction ID: ff94736b2344f34ef262b126f12093e55beb4961756ab461ac2621cbac916ecf
                          • Opcode Fuzzy Hash: ccd39e8f54abcec89327ee71c842e77c311b0db90bf55ef8b79ac2757b9971ad
                          • Instruction Fuzzy Hash: 2971C2B4D0520A9BCB44CFA9D5899EEFBB2BF88320F14855AD819A7315D33499428F94
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649483505.0000000005450000.00000040.00000800.00020000.00000000.sdmp, Offset: 05450000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_5450000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 407934c8b015a59f9fb1367dd1ab8eea09d3103d9f0d1cfd623e3a99fbd296cb
                          • Instruction ID: ea7a413e25f5647ed6d97d2504f0bb110edf40ece5f31e7bb5c215272b0e426a
                          • Opcode Fuzzy Hash: 407934c8b015a59f9fb1367dd1ab8eea09d3103d9f0d1cfd623e3a99fbd296cb
                          • Instruction Fuzzy Hash: 0B71C4B5E0521A9FCB04CF99C5809EEFBB2FF88320F148556D815AB315D374AA82CF95
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649483505.0000000005450000.00000040.00000800.00020000.00000000.sdmp, Offset: 05450000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_5450000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2fc67d6eb2ebe63e322736b25d974688077e1be481b05a5a88385fb5358caf3e
                          • Instruction ID: 6e50b01645ea39b460bdc544a2287012d33ed82c226f91562b0ba726439a3587
                          • Opcode Fuzzy Hash: 2fc67d6eb2ebe63e322736b25d974688077e1be481b05a5a88385fb5358caf3e
                          • Instruction Fuzzy Hash: 5161F6B8D0520A9FCB44CFA9D5899EEFBB2FF88320F158556D819A7315D3309942CF94
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646326729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2db0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6ba965e062b58e1d459a6569bf1bb45b4fe8c244c993488f6881889a651be0a6
                          • Instruction ID: 96916fa53d1e03e7f9b1676db33e59efc42754fd59346013ff454dc3b8efc21f
                          • Opcode Fuzzy Hash: 6ba965e062b58e1d459a6569bf1bb45b4fe8c244c993488f6881889a651be0a6
                          • Instruction Fuzzy Hash: 7B71E1B4D0424ADFCB05CFA9C5A09EEBBB2FF48310F249519D956AB315D330A982CF94
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646326729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2db0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6fca619b7e448f4bc01857b869d42d1eb88338b0d279f2dd64ae118f248c70bd
                          • Instruction ID: 9181f27614bfd3ca6dc9bb3b8da7c4b475308edd42cb6df11ff0a584005c3f9c
                          • Opcode Fuzzy Hash: 6fca619b7e448f4bc01857b869d42d1eb88338b0d279f2dd64ae118f248c70bd
                          • Instruction Fuzzy Hash: B861E3B4E0120ADBCB05CFA9D5909EEFBB6FF88310F14856AE515AB754D3309A81CF94
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646326729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2db0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: fccdf737be34dbee76a6346adf819152e861746603a594ac1def162290ba4f21
                          • Instruction ID: 29536d42d65c6a3190d82cf2e531903355323b6e41da5f15dffd90b0838fb26b
                          • Opcode Fuzzy Hash: fccdf737be34dbee76a6346adf819152e861746603a594ac1def162290ba4f21
                          • Instruction Fuzzy Hash: B161E3B4E0124ADBCB09CFA9D491AEEBBB6FF88310F148566E515A7754D330D981CF90
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649483505.0000000005450000.00000040.00000800.00020000.00000000.sdmp, Offset: 05450000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_5450000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 17806d9faa90ae1995aaa7afcca5052bebef622cb4076904c160e7343dc7d637
                          • Instruction ID: d4977f048d2b19f7157a1b27dc35bc279ba8e2d744f77d841b4356b060fa4fa1
                          • Opcode Fuzzy Hash: 17806d9faa90ae1995aaa7afcca5052bebef622cb4076904c160e7343dc7d637
                          • Instruction Fuzzy Hash: F251E374E05219CFCB08CFA9C981AEEFBF2BF88210F24952AD955B7314D7349A42CB54
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649483505.0000000005450000.00000040.00000800.00020000.00000000.sdmp, Offset: 05450000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_5450000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 20dee2dd2bf7bc1fc3ced01d45bf2d76de858cd27ba8597af8e9ce4e608a59d8
                          • Instruction ID: d3ed01603b8a7c7cdcce81a16511370ae34a527745097bfd245c820781df98b5
                          • Opcode Fuzzy Hash: 20dee2dd2bf7bc1fc3ced01d45bf2d76de858cd27ba8597af8e9ce4e608a59d8
                          • Instruction Fuzzy Hash: CF510574E052098FCB08CFA9C981AEEFBF2BF88310F24942AD545B7314D7749A42CB55
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646326729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2db0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f8fde04cd93473885cbec87aaf6db4577ac712af6da2fa0908a91c7b4e9f69a8
                          • Instruction ID: 5e765dc261e1f187dacc1f098eec0a66baef0f4155de2de7f4c197e91c6fcd1a
                          • Opcode Fuzzy Hash: f8fde04cd93473885cbec87aaf6db4577ac712af6da2fa0908a91c7b4e9f69a8
                          • Instruction Fuzzy Hash: DD41D374E0520ADBCB04CFAAD5915EEFBF2BF88240F24D16AC405BB318D7349A41CBA4
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649483505.0000000005450000.00000040.00000800.00020000.00000000.sdmp, Offset: 05450000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_5450000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1e048a2a3b433d8af6bbb18fa630d1ffda90ebf8f712fd68acafb3d25384ba13
                          • Instruction ID: bde25eba3f439afebe4082f6e30cde733a4d4f6b85f40b8065e6b755e2dc4dfa
                          • Opcode Fuzzy Hash: 1e048a2a3b433d8af6bbb18fa630d1ffda90ebf8f712fd68acafb3d25384ba13
                          • Instruction Fuzzy Hash: D7410970E0460A9FCB48CFAAC5815EEFBF6EF88310F20D46AD519A7255E33496528F94
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646326729.0000000002DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2db0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 22db7e2b62a8fdc437f41dc0ba47e94b71836fb9697d01b52e027e812f08201a
                          • Instruction ID: d7e464de9f5dbba325c18dde9b53d14b74eab35ba2d5329fd39ec57134996192
                          • Opcode Fuzzy Hash: 22db7e2b62a8fdc437f41dc0ba47e94b71836fb9697d01b52e027e812f08201a
                          • Instruction Fuzzy Hash: 7241D2B0E0460ADBCB49CFAAC5915EEBBF2BF88300F24D46AC516A7354D7359A41CF94
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649483505.0000000005450000.00000040.00000800.00020000.00000000.sdmp, Offset: 05450000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_5450000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f391a322e9d93c1ee698a31f1e47fd72f93028f4cb22fcb6dcdc43735f4ba4c9
                          • Instruction ID: 8b1270d86e9b1cb23802d5b0f5b0494131b7646f43bb959c1003192a93bc918c
                          • Opcode Fuzzy Hash: f391a322e9d93c1ee698a31f1e47fd72f93028f4cb22fcb6dcdc43735f4ba4c9
                          • Instruction Fuzzy Hash: 3341E8B5E0420A9FCB48CFAAD4455EEFBF2AB88310F24C46AD419B7255D7349A41CF94
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649483505.0000000005450000.00000040.00000800.00020000.00000000.sdmp, Offset: 05450000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_5450000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f826341b7074c3e5194b07865f76f76045d50fa5eb317aa5a9f18bd5c28254f0
                          • Instruction ID: de1c41924770347b77dbd0a127ea297e721ec6023649296627adf9ad6e74bda6
                          • Opcode Fuzzy Hash: f826341b7074c3e5194b07865f76f76045d50fa5eb317aa5a9f18bd5c28254f0
                          • Instruction Fuzzy Hash: 0C410674E0420A9BCB48CFAAD4455EEFBF2BF88310F24C52AD819B7255D7349A42CF94
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649580416.00000000055A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_55a0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: a4d4c7b2d89e8af9efd80a850b2c380285cb08d085fdd3b927ce997a2731f0fe
                          • Instruction ID: 95b6c7a4150ba490d666c1a0da20e03c74aa9448bcce6b28d186bd668a5728d1
                          • Opcode Fuzzy Hash: a4d4c7b2d89e8af9efd80a850b2c380285cb08d085fdd3b927ce997a2731f0fe
                          • Instruction Fuzzy Hash: A4313E71E146689BEB18CF6AD8846DEFAB7FFC9310F14C1BAD508A7254EB3059818F40
                          Memory Dump Source
                          • Source File: 00000000.00000002.1649580416.00000000055A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_55a0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 760a25991198972bf33342da9741169c397bfd3901697b52a16095fb786264a0
                          • Instruction ID: d852ab8f0ec9d67a66505de03ba01dddaf5836f1cf323e249c0cc05e143afdc0
                          • Opcode Fuzzy Hash: 760a25991198972bf33342da9741169c397bfd3901697b52a16095fb786264a0
                          • Instruction Fuzzy Hash: E1213E72E056948FD719CF6ADC5429DBFB7AFC5310F09C1E6D848AB265EA340946CB00
                          Memory Dump Source
                          • Source File: 00000000.00000002.1646508988.0000000002F60000.00000040.00000800.00020000.00000000.sdmp, Offset: 02F60000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_2f60000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 54cfba60df750d5680a0a503ec81b1c560229cc5f3d603e7de0b30b4bb873c47
                          • Instruction ID: dd1d3babf5fd51b416329f27b7a8830b61331c9179e66b5b123283d50d7efd69
                          • Opcode Fuzzy Hash: 54cfba60df750d5680a0a503ec81b1c560229cc5f3d603e7de0b30b4bb873c47
                          • Instruction Fuzzy Hash: 8E219875E046289BDB58CF6BDD446DEFAF7ABC8310F14C1AAD808A6254EB3049959F40
                          Strings
                          Memory Dump Source
                          • Source File: 00000001.00000002.1633869917.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_d40000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: dhq
                          • API String ID: 0-2324836203
                          • Opcode ID: 8313c7f6bd805e360967fcb448d853febc830567b27919fa73190adf061cfb1e
                          • Instruction ID: 6208e88a17a0111735c80e31ba51764c4a7f7a0281175ed07a8cf502b37931bd
                          • Opcode Fuzzy Hash: 8313c7f6bd805e360967fcb448d853febc830567b27919fa73190adf061cfb1e
                          • Instruction Fuzzy Hash: 70828274900229CFCB24DFA8D984BDDBBB1BF49304F1486AAD509AB365D770AE85CF50
                          Memory Dump Source
                          • Source File: 00000001.00000002.1633869917.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_d40000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 01e42df7a556dd91bb4ac00d9e38f437b95cdbe3f8ddb14d6b45af0c789560b2
                          • Instruction ID: f66c2f661ebbf7776a493ab4a3c653c8f1cc8d24e062b73ab2dd5b0324021184
                          • Opcode Fuzzy Hash: 01e42df7a556dd91bb4ac00d9e38f437b95cdbe3f8ddb14d6b45af0c789560b2
                          • Instruction Fuzzy Hash: ED210771E0014A9FCF01DBA9D4549EDBFB1EF49310F8582AAD554BB261DB30AA46CB90
                          Memory Dump Source
                          • Source File: 00000001.00000002.1633869917.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_d40000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 06d77ea15389d50778b1baafb5b14537fb5d758cb473fc60532716c2b128d062
                          • Instruction ID: b027c5f1338b478f4a27749db7a8537c3b1ed95f75128254d9b3045f0aeafdbd
                          • Opcode Fuzzy Hash: 06d77ea15389d50778b1baafb5b14537fb5d758cb473fc60532716c2b128d062
                          • Instruction Fuzzy Hash: 2F213AB49052199FCB05EF68E894B9E7BF1EB84705F108A69E1089F269DB701A49CF81
                          Memory Dump Source
                          • Source File: 00000001.00000002.1633869917.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_d40000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: a7aee36182f4003f9bfd3c56a816355f77c32e4414a81e6b67f0a031b7721104
                          • Instruction ID: d0cea488644caafcf940afad772dea1e2efa64831c41b8a4e97b2add28c591c8
                          • Opcode Fuzzy Hash: a7aee36182f4003f9bfd3c56a816355f77c32e4414a81e6b67f0a031b7721104
                          • Instruction Fuzzy Hash: 08114CB4905219DFCB05FF68E894B9E7BF1EB84705F008A65E1089F269DB706A45CF81
                          Memory Dump Source
                          • Source File: 00000001.00000002.1633869917.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_d40000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2517419bc5fb737876d4c1a793a2a25f4d7deee987bafcd61c871545156f958e
                          • Instruction ID: 40b91139b8182cfd158d5cbb3a98d2e144ebaf90cc134aaf43383e57ffe6db70
                          • Opcode Fuzzy Hash: 2517419bc5fb737876d4c1a793a2a25f4d7deee987bafcd61c871545156f958e
                          • Instruction Fuzzy Hash: 0AF017B8D082499BCF00DFA6D4147FEBBF0AB89310F109129D455B7241D7784A49CFA1
                          Memory Dump Source
                          • Source File: 00000001.00000002.1633869917.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_d40000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 0f2df33e8fbf1eecd708d14a1cfa6c7559b0fc7d48a66f2490fec6fae2400798
                          • Instruction ID: 99e9bcb4a45369f1dc17a710b96f779e4d4501e44492900dd1308ab30e1b052e
                          • Opcode Fuzzy Hash: 0f2df33e8fbf1eecd708d14a1cfa6c7559b0fc7d48a66f2490fec6fae2400798
                          • Instruction Fuzzy Hash: A4F0B270D01209EFCB49EFB8D941AAEBBB4FB05304F1046AAD415A7260EB709A40CB81
                          Memory Dump Source
                          • Source File: 00000001.00000002.1633869917.0000000000D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D40000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_1_2_d40000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: a9fdc0fc9637205dc1ef40186ea2c5e62b2fe67b6288c5cd1083fb99f4ffe0a0
                          • Instruction ID: fc14e1f4c09d05d185eb2b538d9b7ed9281cfe7b0493e3994c38071d61b06528
                          • Opcode Fuzzy Hash: a9fdc0fc9637205dc1ef40186ea2c5e62b2fe67b6288c5cd1083fb99f4ffe0a0
                          • Instruction Fuzzy Hash: 80F0AF70D01209EFCB49DFB8D941AEEBFB0FB05314F1046AAD416A7260EB709A44CF81
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.2878769411.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_1370000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: (Yr$(Yr$(Yr$(Yr$(Yr$(Yr$XP
                          • API String ID: 0-2807550556
                          • Opcode ID: e014b4bdf57672702fb0b1f3607d49c3366c7574b9a06350da222d18efbfc4e1
                          • Instruction ID: b57d0cdbc5ba29d42de9ee0d024ec1eb77c41b369e4871d8d54e0837158f7b79
                          • Opcode Fuzzy Hash: e014b4bdf57672702fb0b1f3607d49c3366c7574b9a06350da222d18efbfc4e1
                          • Instruction Fuzzy Hash: B9628E74A01229CFCB24CF69C984BD9BBF1BF4A304F5082A9D449AB365D734AE85CF41
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.2878769411.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_1370000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: 0e$@T$@T$dhq
                          • API String ID: 0-2478033602
                          • Opcode ID: 72332af54441ec3f9df6c9ed1f9b573e4f36b96b93ced3f31725e2b63d89fa0f
                          • Instruction ID: ece1438737eb70fb2c82fb4d41d1c847f518163307ab3ed181b1a0100c7cf6b8
                          • Opcode Fuzzy Hash: 72332af54441ec3f9df6c9ed1f9b573e4f36b96b93ced3f31725e2b63d89fa0f
                          • Instruction Fuzzy Hash: DA829274900229CFCB25DF68D984BDDBBB5BF49304F1086AAD409BB265D734AE85CF50
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.2878769411.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_1370000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: (Yr$(Yr$(Yr$XP
                          • API String ID: 0-1601205124
                          • Opcode ID: b8b18587c7fa566f08e18a40c3c71fb1436450b62423f5864425b243d7f85043
                          • Instruction ID: 42470b0a11a604c53f3bb8972644841a37fded717d11e63ccf9107fb4214bc6c
                          • Opcode Fuzzy Hash: b8b18587c7fa566f08e18a40c3c71fb1436450b62423f5864425b243d7f85043
                          • Instruction Fuzzy Hash: 35229F74A012298FCB24CF69C984BD9BBF1BF8A304F5082D9D449AB365D734AE85CF41
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.2878769411.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_1370000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: (hq
                          • API String ID: 0-4060669308
                          • Opcode ID: c234d46156a00c57d2ee6b1a05328930363203c683b2f60e2a92f0f8817a0dea
                          • Instruction ID: 5981c748ad3f7a9c00c5ab3adb1122519a606c773d00cb8085dee45945ff0c13
                          • Opcode Fuzzy Hash: c234d46156a00c57d2ee6b1a05328930363203c683b2f60e2a92f0f8817a0dea
                          • Instruction Fuzzy Hash: C1E1F274A00219CFDB18DFA9C590A9EBBF2FF89315F208569D409AB365DB34AD42CF50
                          Memory Dump Source
                          • Source File: 00000002.00000002.2878769411.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_1370000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 405260a4bab6ee4db3f068caccd05481f0aa52d9eaa53865185aefc42fc66570
                          • Instruction ID: 46a79e2a58066f7838e84092d56f39174700def1a05e9ec9be15fda87a842f08
                          • Opcode Fuzzy Hash: 405260a4bab6ee4db3f068caccd05481f0aa52d9eaa53865185aefc42fc66570
                          • Instruction Fuzzy Hash: CDB19D75E003198FCB14CFA9C584ADDBBF2BF89314F2591A9E409AB365D734AA85CF40
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.2878769411.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_1370000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: (Yr$(Yr$(Yr
                          • API String ID: 0-2619217467
                          • Opcode ID: 5d6b0781ddfa9868f09dad022d5fec7f7e5acdd16804005c74e56cfab81fc47b
                          • Instruction ID: f9952a6edcba6d556af586faaa1ea9a8273e4c0f5944c0af9c5ce9db556f2a02
                          • Opcode Fuzzy Hash: 5d6b0781ddfa9868f09dad022d5fec7f7e5acdd16804005c74e56cfab81fc47b
                          • Instruction Fuzzy Hash: 1AE1A274E04218CFDB54CFA9C884A9DFBF5BF49314F158296E818AB365D734A946CF40
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.2878769411.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_1370000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: (hq$D@$D@
                          • API String ID: 0-833522755
                          • Opcode ID: 07a3189b8a4321ecad2eec68eee9eac083a5a1fe6b1a3687716de6ebd0b81f40
                          • Instruction ID: 601ff9be21be0ec8b9c0d0ff55dabc2369e7ee7ebb8f9ef14d6eaa3d8ed66e90
                          • Opcode Fuzzy Hash: 07a3189b8a4321ecad2eec68eee9eac083a5a1fe6b1a3687716de6ebd0b81f40
                          • Instruction Fuzzy Hash: 71D19274A00259CFDB14CFA8C984A9DBBF1FF49314F1582A9E409AB369D774AD89CF40
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.2878769411.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_1370000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: (hq$D@$D@
                          • API String ID: 0-833522755
                          • Opcode ID: 1ff8d87a91fd8d52ffed2215d9114f37784b74b1a208a55c5b16345a4a3d4794
                          • Instruction ID: 462aac3543e629ad58820bddfb0b963a4373a011dcf1dd32628586dce1fa3954
                          • Opcode Fuzzy Hash: 1ff8d87a91fd8d52ffed2215d9114f37784b74b1a208a55c5b16345a4a3d4794
                          • Instruction Fuzzy Hash: B8C1B374A00258CFDB14CFA8C984A9DBBF1FF49314F158299E409AB36AD774AD89CF40
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.2878769411.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_1370000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: 0e$@T$@T
                          • API String ID: 0-1473502660
                          • Opcode ID: 597b7a94ae7a82600a25b198c02eb63d2fce208e2622b04df69c1591d8f52290
                          • Instruction ID: b629f745f1b150dffe7639cce31ccc99a4d65436b50d2a5c23497317cec53a09
                          • Opcode Fuzzy Hash: 597b7a94ae7a82600a25b198c02eb63d2fce208e2622b04df69c1591d8f52290
                          • Instruction Fuzzy Hash: B9A19675900229CFCB24DF98D880BDDB7B5FF49314F1181A6D519BB265E730AA85CF50
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.2878769411.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_1370000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: (Yr$(Yr
                          • API String ID: 0-2090575575
                          • Opcode ID: 5f8562a4f781a46cfed6e0ce33eb42af388c959bb5a74845426e14e65d8cf6bc
                          • Instruction ID: edb1af22ff17cb53d156fd9528a62edc29bf8a185ca3cbced0ccac96c1bb3bd4
                          • Opcode Fuzzy Hash: 5f8562a4f781a46cfed6e0ce33eb42af388c959bb5a74845426e14e65d8cf6bc
                          • Instruction Fuzzy Hash: A531AF74E002098FCB04CFA9C584ADDFBF5BF89305F109166D419AB369D734AA8ACF54
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.2878769411.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_1370000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: heq$heq
                          • API String ID: 0-1648238960
                          • Opcode ID: 5b99c3281326e163825678bd0a1b09d034d50bcacd7716aa9b6a6b8ed507ff9c
                          • Instruction ID: cbdc9337f6a7b7eace3c0d3aee60a739bbd96dd5df41cdec320ea97f713adbb9
                          • Opcode Fuzzy Hash: 5b99c3281326e163825678bd0a1b09d034d50bcacd7716aa9b6a6b8ed507ff9c
                          • Instruction Fuzzy Hash: D4312FB4E0025A8FCB11DFA8D9509EEBFF1BF89310B154696D454BB292D730A906CF51
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.2878769411.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_1370000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: heq$heq
                          • API String ID: 0-1648238960
                          • Opcode ID: 2f5d2ab367bc3b6faf72a35c92c87fb0dce2675ff38b6f2a5dee8aa428bdcf44
                          • Instruction ID: 212d5e54e0bdb2cd2913a30492507bf4f0af263a21844c4d85d2f83d3e4076a6
                          • Opcode Fuzzy Hash: 2f5d2ab367bc3b6faf72a35c92c87fb0dce2675ff38b6f2a5dee8aa428bdcf44
                          • Instruction Fuzzy Hash: 57214C74E0025A9FCF01DFA8D5409EEBBF1EF89310F1082AAD554BB291DB30A946CF90
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.2878769411.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_1370000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: (hq
                          • API String ID: 0-4060669308
                          • Opcode ID: 736361682047591aa38a85a689ca5b1a5fa30f55d2761d8780a3cc00bd2d36aa
                          • Instruction ID: aa3da7d451eb37e95f8f99b3c628bbd80f99f9c84f4a99b461ac6861ea26298e
                          • Opcode Fuzzy Hash: 736361682047591aa38a85a689ca5b1a5fa30f55d2761d8780a3cc00bd2d36aa
                          • Instruction Fuzzy Hash: 33911474A00218CFDB19DFB8C590A9EBBB2FF89315F208569D409AB365DB34AD42CF50
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.2878769411.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_1370000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: pR
                          • API String ID: 0-717699616
                          • Opcode ID: 9e8b3f3549690995924a07b761c3c78fafca932d66a843bc1e43f812e439f046
                          • Instruction ID: b4e96f8840fe55224469062ed4d75cc30ff8621c7ca9db4d61ae58d26ec99bf2
                          • Opcode Fuzzy Hash: 9e8b3f3549690995924a07b761c3c78fafca932d66a843bc1e43f812e439f046
                          • Instruction Fuzzy Hash: A7215E71E0024E9FCF01DBA9D4509EDBFB1EF49310F8582A6D554BB262DB34A946CF50
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.2878769411.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_1370000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: dP
                          • API String ID: 0-363774953
                          • Opcode ID: dfa5295ded3a13e14f3d94eed8a138efc50cef1f7cc7d6de7f6311a4871fc568
                          • Instruction ID: 71b10811a6b0da611a30e5ba4104bb52fbbd1b9f8c7ea58c1c62636e41c1b0fa
                          • Opcode Fuzzy Hash: dfa5295ded3a13e14f3d94eed8a138efc50cef1f7cc7d6de7f6311a4871fc568
                          • Instruction Fuzzy Hash: 33111FB09002199FDB01FF68E85479D7BF5FB84306F008A64E104EB269EB706E49CF90
                          Memory Dump Source
                          • Source File: 00000002.00000002.2878769411.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_1370000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: d9a93407225da4a7db665a6f9d88c3335bc2d1fa5153e7857474b19427b5a95d
                          • Instruction ID: dcde5f4d665214233c6e1ba6120bbef467ab115c79b7601291e943d802bedd0d
                          • Opcode Fuzzy Hash: d9a93407225da4a7db665a6f9d88c3335bc2d1fa5153e7857474b19427b5a95d
                          • Instruction Fuzzy Hash: 9DD18C6180E3E69FDB139F78D8A05DABFF0AF57214F0944D7D084DB163D628484ACBA6
                          Memory Dump Source
                          • Source File: 00000002.00000002.2878769411.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_1370000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1fd4be4194c859db16572f8bd8770d3e132e44a4c72d4f91f077acd78492881b
                          • Instruction ID: e6e288f668ef65951899dc1dbba6493e64ba08741fe9c3ac55c69ca8cb3254c2
                          • Opcode Fuzzy Hash: 1fd4be4194c859db16572f8bd8770d3e132e44a4c72d4f91f077acd78492881b
                          • Instruction Fuzzy Hash: AA51CDB4D042489FDF15CFAAD980AEEBFB1BF49304F24902AE818BB250D7359946DF54
                          Memory Dump Source
                          • Source File: 00000002.00000002.2878769411.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_1370000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c37d4ac5028a699691eb9d5174b3b5a29e5e9daa483720fbb5a82e979babc8c2
                          • Instruction ID: efd999c199f90b085dbf235b591962d7b22ed5a7d4680c8173f4d748a2c8bd47
                          • Opcode Fuzzy Hash: c37d4ac5028a699691eb9d5174b3b5a29e5e9daa483720fbb5a82e979babc8c2
                          • Instruction Fuzzy Hash: CD91F574A00218CFDB18DFB8C590A9EBBB2FF89315F208569D509AB365DB35AD42CF50
                          Memory Dump Source
                          • Source File: 00000002.00000002.2878769411.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_1370000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: ad682fa15ab743fb3b1c087d13ff3aade2c1e93bdc0d017f6e4680286e54e401
                          • Instruction ID: 359c9e37ca59cf4883a5c25c837482a748b9976514d688df5639385bd95f6ab3
                          • Opcode Fuzzy Hash: ad682fa15ab743fb3b1c087d13ff3aade2c1e93bdc0d017f6e4680286e54e401
                          • Instruction Fuzzy Hash: F361CB74E05218CFCB18CFA9C884AEDBBB6FF89314F149169E409AB365D734AD46CB50
                          Memory Dump Source
                          • Source File: 00000002.00000002.2878769411.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_1370000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: a5c17a42497fd64c1e3af5eec082d3c4bbb4e9eee707a94922e98672cf57ef71
                          • Instruction ID: 66858bb8bb4906378bad7c0f0dd0f9dd7158f944f0efa74606d6969d29818194
                          • Opcode Fuzzy Hash: a5c17a42497fd64c1e3af5eec082d3c4bbb4e9eee707a94922e98672cf57ef71
                          • Instruction Fuzzy Hash: 6941CDB4D002489FDF14CFAAD980AAEFBF1BF49304F24902AE918BB250DB349945DF54
                          Memory Dump Source
                          • Source File: 00000002.00000002.2878769411.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_1370000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 46da3e3b1dc3c34fcd138b204f04b7afbc1eae4a7c720aafcf71e3c8c6cb38a0
                          • Instruction ID: 428c056c9471f182c37fe6830231045e39edefb0bb55396850c45a9bcb66a2d6
                          • Opcode Fuzzy Hash: 46da3e3b1dc3c34fcd138b204f04b7afbc1eae4a7c720aafcf71e3c8c6cb38a0
                          • Instruction Fuzzy Hash: 4751CE75E01218DFCB18CFA8C884AEDBBB2FF89314F148169E505BB365D774A986CB50
                          Memory Dump Source
                          • Source File: 00000002.00000002.2878769411.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_1370000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f5e6ae9f3f1aa392fe3bf56200bd2cc0553b01622d2776d3b8dc2189bcd27a4f
                          • Instruction ID: 9abea1622981d0f7a55433e9389dd47753234e7c0eaa2618a0bab1b8d6a36a46
                          • Opcode Fuzzy Hash: f5e6ae9f3f1aa392fe3bf56200bd2cc0553b01622d2776d3b8dc2189bcd27a4f
                          • Instruction Fuzzy Hash: D841E274E003198FDB14CFA9C584ADDBBF2BF89314F219199E449AB265D730AE85CF80
                          Memory Dump Source
                          • Source File: 00000002.00000002.2878769411.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_1370000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 66acd8e0cdbf60670324f8be1b413f49ba2554e73e2f3fffd31afcccf42104d0
                          • Instruction ID: d1f23c863dabaff9682c33fa21e9d8e316e45135b52eac1825102e1184315e36
                          • Opcode Fuzzy Hash: 66acd8e0cdbf60670324f8be1b413f49ba2554e73e2f3fffd31afcccf42104d0
                          • Instruction Fuzzy Hash: 7021607290C355CFCB27E66C94646793FF5DBD6368B288897C584CB21BC628480DC7D1
                          Memory Dump Source
                          • Source File: 00000002.00000002.2878769411.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_1370000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6d1095982378fc929af09ffc6822e41ff062e5ac1552d99f75adb200f94a0068
                          • Instruction ID: c077252eacc94e74573d26187d4ee79cd5771206de4bbb324558b9a7420161d2
                          • Opcode Fuzzy Hash: 6d1095982378fc929af09ffc6822e41ff062e5ac1552d99f75adb200f94a0068
                          • Instruction Fuzzy Hash: 90311B74E0025A9FCB01DFA8D9409EDBBF1FF89310B518296E954BB365D730AA46CF90
                          Memory Dump Source
                          • Source File: 00000002.00000002.2878769411.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_1370000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 64809ef86c73cdf0ac59153a513ae95aa31a308ac79d0606c8596f145ab7f4c5
                          • Instruction ID: 5f65f870364cee7e1c0305d0dfc3a4e4fa0c3b254c8e143bb8f5e7929bda5f98
                          • Opcode Fuzzy Hash: 64809ef86c73cdf0ac59153a513ae95aa31a308ac79d0606c8596f145ab7f4c5
                          • Instruction Fuzzy Hash: 17312771E0025A9FCB05DFA8D8509EDBFB1FF89310F4182A6E554BB265D730AA46CF90
                          Memory Dump Source
                          • Source File: 00000002.00000002.2878769411.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_1370000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 5807a9868679b0c9e7b7b350c39525c6f6cff07f400754ae02ddcd4a2ca9efc5
                          • Instruction ID: f6571e16b23cd5dd29981a800827c15cdb985fcea74bf9a75b59e6fb0f086e6f
                          • Opcode Fuzzy Hash: 5807a9868679b0c9e7b7b350c39525c6f6cff07f400754ae02ddcd4a2ca9efc5
                          • Instruction Fuzzy Hash: AB310AB1E0025A9FCB04DFA9D8909EEBBB1FF89310F414566E451BB2A1D730AD45CF50
                          Memory Dump Source
                          • Source File: 00000002.00000002.2878769411.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_1370000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: cc15b2d22d02b90188a9794d4cf9f27072383ed34642e6740ab47761512ffe71
                          • Instruction ID: 095efa0ac74cf9527463254be84fc6aa2e0d1136e0e222bcbc865d9c687ca507
                          • Opcode Fuzzy Hash: cc15b2d22d02b90188a9794d4cf9f27072383ed34642e6740ab47761512ffe71
                          • Instruction Fuzzy Hash: E9212870E0025A9FCF05DFA8D9509EDBBF1EF49310F41829AE454BB262D730A946CB90
                          Memory Dump Source
                          • Source File: 00000002.00000002.2878769411.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_1370000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b17d73f3e313ca00b0e2e10b1e6f0520377363d56aeb8d02a14132ad5b520ad8
                          • Instruction ID: e944b74b3465c1439de3a7ef2ba69bb9fb2847a209a09cbc16c2a79654d61d32
                          • Opcode Fuzzy Hash: b17d73f3e313ca00b0e2e10b1e6f0520377363d56aeb8d02a14132ad5b520ad8
                          • Instruction Fuzzy Hash: 94213971D0424E9FCB05DFA8D4509EDBBB1EF49320F4081AAD550BB2A1EB74AA46CF90
                          Memory Dump Source
                          • Source File: 00000002.00000002.2878769411.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_1370000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1dc26ba14a6d550c9e15a9872462df96c299af61ed3601367d461163bdd56f0d
                          • Instruction ID: 18eff52cf19ac5049fa8d60718c9f60cff998c0706bd48c76dc9e0ea9573c734
                          • Opcode Fuzzy Hash: 1dc26ba14a6d550c9e15a9872462df96c299af61ed3601367d461163bdd56f0d
                          • Instruction Fuzzy Hash: 21110631B041499FCF15DB68C8505EFFBF7ABC8620F18817FD446A7245CA345D468790
                          Memory Dump Source
                          • Source File: 00000002.00000002.2878769411.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_1370000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 17e8f70c675fe524da82248f209d7688756652a5b3912a9fb99163b4002dbd4d
                          • Instruction ID: f34e46db1d42ae0a1c38113635b7db4a0e39176c95944070d67b14b8b0f3a001
                          • Opcode Fuzzy Hash: 17e8f70c675fe524da82248f209d7688756652a5b3912a9fb99163b4002dbd4d
                          • Instruction Fuzzy Hash: DB11CE70E0018E9FCB02CFA8D550DECBFB1EF46314B4182DAE054AB262D3309A06CB80
                          Memory Dump Source
                          • Source File: 00000002.00000002.2877546413.0000000000CAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CAD000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_cad000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1f19e73f04d2d255ae69169c3ab2a05ffde5839781c4cf263329bc7948d58f8a
                          • Instruction ID: dc3b97968a64c4463abe8fd48a974a093147579e8817ada8106f93a45c3228c5
                          • Opcode Fuzzy Hash: 1f19e73f04d2d255ae69169c3ab2a05ffde5839781c4cf263329bc7948d58f8a
                          • Instruction Fuzzy Hash: 5B012B710043459AE7209A16CCC4B6BBFE8DF52339F18C55AEE1F0B696C2749840C6B1
                          Memory Dump Source
                          • Source File: 00000002.00000002.2878769411.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_1370000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f9cfc3e13da0e3a45a5292d08b2c43fbaca11a568c3bc08a0fdbc754c3d83e5f
                          • Instruction ID: ad3ea939264a8e564988c10227ee265f75d29d05376f7fcb332fd907b8b52eea
                          • Opcode Fuzzy Hash: f9cfc3e13da0e3a45a5292d08b2c43fbaca11a568c3bc08a0fdbc754c3d83e5f
                          • Instruction Fuzzy Hash: F8017870A05249DFCB16CB69D550AADBFF0AF86304F28C6EAD404AB666C6309E46DB40
                          Memory Dump Source
                          • Source File: 00000002.00000002.2878769411.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_1370000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 438c931cf763e9e5f6985bea69b9bf271eb6fbb66850556591f9f20995b6b853
                          • Instruction ID: afddb6b94d39c513e77496b17b88c2bf176a6d2c2d9aad06f47f1f7e4227599d
                          • Opcode Fuzzy Hash: 438c931cf763e9e5f6985bea69b9bf271eb6fbb66850556591f9f20995b6b853
                          • Instruction Fuzzy Hash: F0F0AF75D0824D9ADF10CFAAD4143EEBFF4AB9A314F00502AD450B3250D77C060ACF90
                          Memory Dump Source
                          • Source File: 00000002.00000002.2877546413.0000000000CAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CAD000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_cad000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c332e8c7b0c6973527c6775a87231ebc35a366fece74cd1f644f5ee669f54c2b
                          • Instruction ID: b61d6785f3e8993d38bf6180203ee643eaefa5cfa06bb6dfbf05d39c2c15ad9a
                          • Opcode Fuzzy Hash: c332e8c7b0c6973527c6775a87231ebc35a366fece74cd1f644f5ee669f54c2b
                          • Instruction Fuzzy Hash: DDF0C2324043449AE7208A06CC84B66FFE8EB91734F18C05AED1A0B296C279A844CAB1
                          Memory Dump Source
                          • Source File: 00000002.00000002.2878769411.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_1370000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 0e475ea0fb9e365d4ca8a374ab1065bd791125aae83753bf4fc28c1b9f6f48ac
                          • Instruction ID: 234a54bc185790179472f45c2c958501cd38631a2c4dca28bc753cbdb04daf95
                          • Opcode Fuzzy Hash: 0e475ea0fb9e365d4ca8a374ab1065bd791125aae83753bf4fc28c1b9f6f48ac
                          • Instruction Fuzzy Hash: EFF09031D0010ADBDB25DB64C855AEFBFF2AF88300F15892DD442A7290DEB4194ADB92
                          Memory Dump Source
                          • Source File: 00000002.00000002.2878769411.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_1370000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 3547e1d989130ba0edb1e5d8f1c84c1c60bdac440e322c7899b10e0d489c2ee6
                          • Instruction ID: 5af4e70a4271cc0c9bd99a5ce5e080124c4200b9f729ad84d6f7204621779924
                          • Opcode Fuzzy Hash: 3547e1d989130ba0edb1e5d8f1c84c1c60bdac440e322c7899b10e0d489c2ee6
                          • Instruction Fuzzy Hash: 87E06572B04208AF8714CF4ED400D6EBBAAEBCA364724C02AF84CC7701DA31DC418790
                          Memory Dump Source
                          • Source File: 00000002.00000002.2878769411.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_1370000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1e3066f05fcf36af31a74197dbc0f192a15802481079e4c430c698d26b94a2ed
                          • Instruction ID: 4056584931cde4cf657b0d1233acaf285c74af6ccc18e0c26e95e4ee82584af1
                          • Opcode Fuzzy Hash: 1e3066f05fcf36af31a74197dbc0f192a15802481079e4c430c698d26b94a2ed
                          • Instruction Fuzzy Hash: E0F0B2B0D0120DEFDB45EFB8D940AAEBBB4FB45304F1046AAD415A72A0EB709A44CB80
                          Memory Dump Source
                          • Source File: 00000002.00000002.2878769411.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_1370000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 7f26ea0e9eb994508f83c28e30787314c93ff966c27e8d417106af93454412a0
                          • Instruction ID: 7fd2e80183207ee5720e8519ce5408346e2890cdfb6dc7ab246df236d7bedff9
                          • Opcode Fuzzy Hash: 7f26ea0e9eb994508f83c28e30787314c93ff966c27e8d417106af93454412a0
                          • Instruction Fuzzy Hash: 0BF03230A49248EFCB14CFB8D5409ADBFB1AB46320F6482A8E84823365C336AA45DB40
                          Memory Dump Source
                          • Source File: 00000002.00000002.2878769411.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_1370000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: ecd1a38566815dacfdd41554df1b83f071d971012af4ad78a886043bf98d15a8
                          • Instruction ID: 4c6912a3bfaba40bb4f5605e1d253c1bc8720da7a0756c48f334ccd78fb2137e
                          • Opcode Fuzzy Hash: ecd1a38566815dacfdd41554df1b83f071d971012af4ad78a886043bf98d15a8
                          • Instruction Fuzzy Hash: E9E0E574E04258CBCB28DF9AE8404ADB7B1FFC5324B009565D015AB264D6309A12CB40
                          Memory Dump Source
                          • Source File: 00000002.00000002.2878769411.0000000001370000.00000040.00000800.00020000.00000000.sdmp, Offset: 01370000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_1370000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: db25c77e6b5ccdb21c6f60279eb284fdde8dfb22b5b4b664351b404371b38158
                          • Instruction ID: 6e1faf06033b5bde85a27c469a3c6efb52fa0ff9a996490297bc98d15ab58888
                          • Opcode Fuzzy Hash: db25c77e6b5ccdb21c6f60279eb284fdde8dfb22b5b4b664351b404371b38158
                          • Instruction Fuzzy Hash: 97E04678E0421C9BCB24CF99D8404DCF7B2AFC2220F009266C069BB264D7309912CB40
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.1633972781.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_10a0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: dhq
                          • API String ID: 0-2324836203
                          • Opcode ID: 00db3ba809e6cf7c2a6dd57918a38028c1c7813d6766a63ad68c293f3d60dfa9
                          • Instruction ID: 03ae4bd16189c2c965ad6cfecbf485831ddf06a18f7762a8e594f1611229e40f
                          • Opcode Fuzzy Hash: 00db3ba809e6cf7c2a6dd57918a38028c1c7813d6766a63ad68c293f3d60dfa9
                          • Instruction Fuzzy Hash: 9982A274900229CFCB24DFA8D984BDDBBB1BF49304F5086E6D449AB265D734AE85CF50
                          Memory Dump Source
                          • Source File: 00000003.00000002.1633972781.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_10a0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f04626b94450a08502f759e00e5c9b7ad14e1af2033493f0f33253c647d0a085
                          • Instruction ID: 89b6649cfc356f10545b623fb5cf4a72a8228cb1445165a5407dfa5a7d5d4c56
                          • Opcode Fuzzy Hash: f04626b94450a08502f759e00e5c9b7ad14e1af2033493f0f33253c647d0a085
                          • Instruction Fuzzy Hash: F2216DB0904309DFDB02EF78EA546897BF1FB49309F4049A6D0489F66AE7795E49CB80
                          Memory Dump Source
                          • Source File: 00000003.00000002.1633972781.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_10a0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 13c4b8f771cdd061e00a9fb15943f506582878a2f82c74621dbc9aab28913b4a
                          • Instruction ID: 96388e336c2cf8ccaf738d2438f313a626f74c5a175892fd2cffdfbac8dfc105
                          • Opcode Fuzzy Hash: 13c4b8f771cdd061e00a9fb15943f506582878a2f82c74621dbc9aab28913b4a
                          • Instruction Fuzzy Hash: BA31B0708093899FD703EB78D9646893FF1EF46309B0549EAD0888F56BE7391D4ACB91
                          Memory Dump Source
                          • Source File: 00000003.00000002.1633972781.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_10a0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 11cfb91d6b5ce7e16e8d07a18c74cd61d628a39053d338ffa72df7ff0a87c6e2
                          • Instruction ID: d20a602d4126ab596c09bf17b312d8ed5d6741e6e26e36cf0fc64f2c1bc7e916
                          • Opcode Fuzzy Hash: 11cfb91d6b5ce7e16e8d07a18c74cd61d628a39053d338ffa72df7ff0a87c6e2
                          • Instruction Fuzzy Hash: F9215971E0124A9FCF01DFA8C4509DDBFB1EF4A314F8581A6D4A4BB261DB34AA46CB90
                          Memory Dump Source
                          • Source File: 00000003.00000002.1633972781.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_10a0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 67e62712cf32a62209689815e8ca695d36292ffc994de2d832684812b2abb992
                          • Instruction ID: cf071c68252c2cdcaef2347181e291aaaa048d74456f858bbe6748e70f78eccc
                          • Opcode Fuzzy Hash: 67e62712cf32a62209689815e8ca695d36292ffc994de2d832684812b2abb992
                          • Instruction Fuzzy Hash: 3B1136B4D00219DFDB02EFA8E65468D7BF1FB4830AF408A65E0489F66DD7755A45CF80
                          Memory Dump Source
                          • Source File: 00000003.00000002.1633972781.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_10a0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 7dee64ead913f877f19d88d989ae0ff312ea6a24deedb47e51a0a3a10ec1413d
                          • Instruction ID: 6d090c03ccdd92d502bf74e6f9ac76b095aa55719f8f34b249b730e65679f0e3
                          • Opcode Fuzzy Hash: 7dee64ead913f877f19d88d989ae0ff312ea6a24deedb47e51a0a3a10ec1413d
                          • Instruction Fuzzy Hash: 9EF014B4D042499BDF11DBAAD4143EEBBF4AF4A310F809065D494B7250DB795A4ACFA0
                          Memory Dump Source
                          • Source File: 00000003.00000002.1633972781.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_10a0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: da6030b0b21972023b43e648848bfe2069bdae8bfaa5aa36ac86c4fd5cb09e39
                          • Instruction ID: d0ecbdb8a2c5487a2f65d9ab9162fe2816e0d3fb9dcf7594616cae78c504b9e0
                          • Opcode Fuzzy Hash: da6030b0b21972023b43e648848bfe2069bdae8bfaa5aa36ac86c4fd5cb09e39
                          • Instruction Fuzzy Hash: F0010070805309DFCB42DFB8C8505ADBBB0FF06310F1046EAC485EB261EB399A44CB81
                          Memory Dump Source
                          • Source File: 00000003.00000002.1633972781.00000000010A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 010A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_10a0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 27cf83aaba6bbcc793a1eae63b62a6218a61dcf6bd600447337585e77c4f9c78
                          • Instruction ID: 6fb1f9d49d9c806708d21510b1ac6bcc114b22f9985416f4eb258cc1f8b960b4
                          • Opcode Fuzzy Hash: 27cf83aaba6bbcc793a1eae63b62a6218a61dcf6bd600447337585e77c4f9c78
                          • Instruction Fuzzy Hash: 24F0AFB0C01209EFCB45EFA8D544AAEBBB4FB05300F5046AAD455A7264EB759A44CB80

                          Execution Graph

                          Execution Coverage:9.5%
                          Dynamic/Decrypted Code Coverage:100%
                          Signature Coverage:0%
                          Total number of Nodes:142
                          Total number of Limit Nodes:3
                          execution_graph 14188 239f538 14189 239f55a 14188->14189 14210 4dbb1b1 14189->14210 14215 4dbb1e5 14189->14215 14220 4dbb0e9 14189->14220 14225 4dbb0f8 14189->14225 14190 239f634 14191 239f694 14190->14191 14230 4dbe0e6 14190->14230 14235 4dbdb27 14190->14235 14240 4dbdd42 14190->14240 14248 4dbe0ac 14190->14248 14253 4dbdeaf 14190->14253 14258 4dbdf6f 14190->14258 14263 4dbe688 14190->14263 14268 4dbe433 14190->14268 14273 4dbda10 14190->14273 14278 4dbe492 14190->14278 14283 4dbe253 14190->14283 14291 4dbdae8 14190->14291 14296 4dbdbb8 14190->14296 14304 4dbe765 14190->14304 14211 4dbb183 14210->14211 14309 4dbd098 14211->14309 14313 4dbd091 14211->14313 14212 4dbc025 14212->14190 14216 4dbb183 14215->14216 14218 4dbd098 NtResumeThread 14216->14218 14219 4dbd091 NtResumeThread 14216->14219 14217 4dbc025 14217->14190 14218->14217 14219->14217 14221 4dbb12c 14220->14221 14223 4dbd098 NtResumeThread 14221->14223 14224 4dbd091 NtResumeThread 14221->14224 14222 4dbc025 14222->14190 14223->14222 14224->14222 14226 4dbb12c 14225->14226 14228 4dbd098 NtResumeThread 14226->14228 14229 4dbd091 NtResumeThread 14226->14229 14227 4dbc025 14227->14190 14228->14227 14229->14227 14231 4dbe0f2 14230->14231 14317 4dbd2b8 14231->14317 14321 4dbd2b0 14231->14321 14232 4dbe18c 14236 4dbdaba 14235->14236 14238 4dbd098 NtResumeThread 14236->14238 14239 4dbd091 NtResumeThread 14236->14239 14237 4dbe937 14237->14191 14238->14237 14239->14237 14241 4dbdd5a 14240->14241 14325 4dbeb78 14241->14325 14330 4dbeb77 14241->14330 14242 4dbde3d 14246 4dbd2b8 NtWriteVirtualMemory 14242->14246 14247 4dbd2b0 NtWriteVirtualMemory 14242->14247 14243 4dbde79 14246->14243 14247->14243 14249 4dbe0b0 14248->14249 14251 4dbd2b8 NtWriteVirtualMemory 14249->14251 14252 4dbd2b0 NtWriteVirtualMemory 14249->14252 14250 4dbe18c 14251->14250 14252->14250 14254 4dbdebb 14253->14254 14343 4dbd459 14254->14343 14347 4dbd460 14254->14347 14255 4dbdee0 14259 4dbdf9a 14258->14259 14261 4dbeb78 2 API calls 14259->14261 14262 4dbeb77 2 API calls 14259->14262 14260 4dbdfb6 14261->14260 14262->14260 14264 4dbe6a0 14263->14264 14266 4dbd459 NtSetContextThread 14264->14266 14267 4dbd460 NtSetContextThread 14264->14267 14265 4dbe74e 14266->14265 14267->14265 14269 4dbe43f 14268->14269 14271 4dbeb78 2 API calls 14269->14271 14272 4dbeb77 2 API calls 14269->14272 14270 4dbe45b 14271->14270 14272->14270 14274 4dbda44 14273->14274 14276 4dbd098 NtResumeThread 14274->14276 14277 4dbd091 NtResumeThread 14274->14277 14275 4dbe937 14275->14191 14276->14275 14277->14275 14279 4dbe4ae 14278->14279 14281 4dbd2b8 NtWriteVirtualMemory 14279->14281 14282 4dbd2b0 NtWriteVirtualMemory 14279->14282 14280 4dbe536 14281->14280 14282->14280 14284 4dbe25f 14283->14284 14289 4dbeb78 2 API calls 14284->14289 14290 4dbeb77 2 API calls 14284->14290 14285 4dbe27b 14287 4dbd098 NtResumeThread 14285->14287 14288 4dbd091 NtResumeThread 14285->14288 14286 4dbe36b 14287->14286 14288->14286 14289->14285 14290->14285 14292 4dbdaba 14291->14292 14292->14291 14294 4dbd098 NtResumeThread 14292->14294 14295 4dbd091 NtResumeThread 14292->14295 14293 4dbe937 14293->14191 14294->14293 14295->14293 14297 4dbdbc4 14296->14297 14302 4dbeb78 2 API calls 14297->14302 14303 4dbeb77 2 API calls 14297->14303 14298 4dbdc11 14351 4dbd198 14298->14351 14355 4dbd190 14298->14355 14299 4dbdc4f 14302->14298 14303->14298 14305 4dbe77a 14304->14305 14307 4dbeb78 2 API calls 14305->14307 14308 4dbeb77 2 API calls 14305->14308 14306 4dbe796 14307->14306 14308->14306 14310 4dbd0dc NtResumeThread 14309->14310 14312 4dbd133 14310->14312 14312->14212 14314 4dbd0dc NtResumeThread 14313->14314 14316 4dbd133 14314->14316 14316->14212 14318 4dbd301 NtWriteVirtualMemory 14317->14318 14320 4dbd39a 14318->14320 14320->14232 14322 4dbd301 NtWriteVirtualMemory 14321->14322 14324 4dbd39a 14322->14324 14324->14232 14327 4dbeb9c 14325->14327 14326 4dbec45 14326->14242 14327->14326 14335 4dbcedc 14327->14335 14339 4dbcee0 14327->14339 14332 4dbeb9c 14330->14332 14331 4dbec45 14331->14242 14332->14331 14333 4dbcedc NtReadVirtualMemory 14332->14333 14334 4dbcee0 NtReadVirtualMemory 14332->14334 14333->14332 14334->14332 14336 4dbcf2c NtReadVirtualMemory 14335->14336 14338 4dbcfa4 14336->14338 14338->14327 14340 4dbcf2c NtReadVirtualMemory 14339->14340 14342 4dbcfa4 14340->14342 14342->14327 14344 4dbd4a9 NtSetContextThread 14343->14344 14346 4dbd521 14344->14346 14346->14255 14348 4dbd4a9 NtSetContextThread 14347->14348 14350 4dbd521 14348->14350 14350->14255 14352 4dbd1dc VirtualAllocEx 14351->14352 14354 4dbd254 14352->14354 14354->14299 14356 4dbd1dc VirtualAllocEx 14355->14356 14358 4dbd254 14356->14358 14358->14299 14363 854cd0 14364 854d1d VirtualProtect 14363->14364 14365 854d89 14364->14365 14359 4dbc250 14361 4dbc2e0 CreateProcessW 14359->14361 14362 4dbc6b4 14361->14362 14366 4dbc830 14368 4dbc854 14366->14368 14367 4dbc8fd 14368->14367 14369 4dbcedc NtReadVirtualMemory 14368->14369 14370 4dbcee0 NtReadVirtualMemory 14368->14370 14369->14368 14370->14368

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 131 4dbc245-4dbc30a 133 4dbc3c2-4dbc3d7 131->133 134 4dbc310-4dbc34b 131->134 135 4dbc3dd-4dbc423 133->135 136 4dbc487-4dbc48b 133->136 148 4dbc34d-4dbc355 134->148 149 4dbc383-4dbc394 134->149 154 4dbc461-4dbc46c 135->154 155 4dbc425-4dbc42d 135->155 137 4dbc48d-4dbc4cf 136->137 138 4dbc4d5-4dbc526 136->138 137->138 140 4dbc5de-4dbc5f0 138->140 141 4dbc52c-4dbc567 138->141 144 4dbc60d-4dbc61f 140->144 145 4dbc5f2-4dbc60a 140->145 173 4dbc569-4dbc571 141->173 174 4dbc59f-4dbc5b0 141->174 151 4dbc63c-4dbc6b2 CreateProcessW 144->151 152 4dbc621-4dbc639 144->152 145->144 156 4dbc378-4dbc381 148->156 157 4dbc357-4dbc361 148->157 164 4dbc39a-4dbc3ba 149->164 158 4dbc6bb-4dbc6fc 151->158 159 4dbc6b4-4dbc6ba 151->159 152->151 171 4dbc472-4dbc481 154->171 160 4dbc42f-4dbc439 155->160 161 4dbc450-4dbc45f 155->161 156->164 162 4dbc363 157->162 163 4dbc365-4dbc374 157->163 177 4dbc6fe-4dbc70d 158->177 178 4dbc713-4dbc72a 158->178 159->158 168 4dbc43b 160->168 169 4dbc43d-4dbc44c 160->169 161->171 162->163 163->163 170 4dbc376 163->170 164->133 168->169 169->169 179 4dbc44e 169->179 170->156 171->136 180 4dbc573-4dbc57d 173->180 181 4dbc594-4dbc59d 173->181 182 4dbc5b6-4dbc5d6 174->182 177->178 189 4dbc72c-4dbc738 178->189 190 4dbc743-4dbc753 178->190 179->161 184 4dbc57f 180->184 185 4dbc581-4dbc590 180->185 181->182 182->140 184->185 185->185 188 4dbc592 185->188 188->181 189->190 191 4dbc76a-4dbc7ad 190->191 192 4dbc755-4dbc764 190->192 197 4dbc7af-4dbc7b3 191->197 198 4dbc7bd-4dbc7c1 191->198 192->191 197->198 199 4dbc7b5-4dbc7b8 call 4db0768 197->199 200 4dbc7c3-4dbc7c7 198->200 201 4dbc7d1-4dbc7d5 198->201 199->198 200->201 203 4dbc7c9-4dbc7cc call 4db0768 200->203 204 4dbc7d7-4dbc7db 201->204 205 4dbc7e5 201->205 203->201 204->205 207 4dbc7dd-4dbc7e0 call 4db0768 204->207 209 4dbc7e6 205->209 207->205 209->209
                          APIs
                          • CreateProcessW.KERNELBASE(?,00000000,?,?,?,?,?,?,?,?), ref: 04DBC69F
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.1659672150.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_4db0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID: CreateProcess
                          • String ID: W
                          • API String ID: 963392458-655174618
                          • Opcode ID: a4ffd960c95919395401d28151b86df3d03596aa977729af21fe78beada99028
                          • Instruction ID: 1ab0f6a393ed2e7c9525c670f2ab36c4f3e5a17f3c61da3b6b0de95498e16c86
                          • Opcode Fuzzy Hash: a4ffd960c95919395401d28151b86df3d03596aa977729af21fe78beada99028
                          • Instruction Fuzzy Hash: 73F1C274E10219CFDB24CFA9C884BDDBBB1BF49704F1081A9E859A7250D734AA85CF94

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 210 2399fa0-2399fc3 211 2399fca-239a016 210->211 212 2399fc5 210->212 215 239a019 211->215 212->211 216 239a020-239a03c 215->216 217 239a03e 216->217 218 239a045-239a046 216->218 217->215 217->218 219 239a158-239a15c 217->219 220 239a1fa-239a219 217->220 221 239a13c-239a153 217->221 222 239a23e-239a250 217->222 223 239a21e-239a239 217->223 224 239a0b0-239a0b6 217->224 225 239a0d5-239a103 217->225 226 239a255-239a2d3 217->226 227 239a108-239a137 217->227 228 239a188-239a1bc 217->228 229 239a04b-239a050 217->229 230 239a1c1-239a1f5 217->230 231 239a080-239a084 217->231 218->226 232 239a16f-239a176 219->232 233 239a15e-239a16d 219->233 220->216 221->216 222->216 223->216 246 239a0be-239a0d0 224->246 225->216 253 239a2db-239a2e5 226->253 227->216 228->216 234 239a063-239a06a 229->234 235 239a052-239a061 229->235 230->216 236 239a097-239a09e 231->236 237 239a086-239a095 231->237 238 239a17d-239a183 232->238 233->238 242 239a071-239a07e 234->242 235->242 244 239a0a5-239a0ab 236->244 237->244 238->216 242->216 244->216 246->216
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.1655689922.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_2390000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: Tedq$Tedq
                          • API String ID: 0-4137347946
                          • Opcode ID: e0dfc87b79588c18eb8e9db027361f7d43bf27d8918922d6681bfdd30954c708
                          • Instruction ID: 5a99d028b32a0c820acb5a7cc06d86fa3554fe48fe0987ee123623f95435b954
                          • Opcode Fuzzy Hash: e0dfc87b79588c18eb8e9db027361f7d43bf27d8918922d6681bfdd30954c708
                          • Instruction Fuzzy Hash: 6EB1C0B4E05219CFDF04CFA9C9849AEBBB6BF89300F20962AD815BB355D735A901CF54

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 286 4dbc250-4dbc30a 288 4dbc3c2-4dbc3d7 286->288 289 4dbc310-4dbc34b 286->289 290 4dbc3dd-4dbc423 288->290 291 4dbc487-4dbc48b 288->291 303 4dbc34d-4dbc355 289->303 304 4dbc383-4dbc394 289->304 309 4dbc461-4dbc46c 290->309 310 4dbc425-4dbc42d 290->310 292 4dbc48d-4dbc4cf 291->292 293 4dbc4d5-4dbc526 291->293 292->293 295 4dbc5de-4dbc5f0 293->295 296 4dbc52c-4dbc567 293->296 299 4dbc60d-4dbc61f 295->299 300 4dbc5f2-4dbc60a 295->300 328 4dbc569-4dbc571 296->328 329 4dbc59f-4dbc5b0 296->329 306 4dbc63c-4dbc6b2 CreateProcessW 299->306 307 4dbc621-4dbc639 299->307 300->299 311 4dbc378-4dbc381 303->311 312 4dbc357-4dbc361 303->312 319 4dbc39a-4dbc3ba 304->319 313 4dbc6bb-4dbc6fc 306->313 314 4dbc6b4-4dbc6ba 306->314 307->306 326 4dbc472-4dbc481 309->326 315 4dbc42f-4dbc439 310->315 316 4dbc450-4dbc45f 310->316 311->319 317 4dbc363 312->317 318 4dbc365-4dbc374 312->318 332 4dbc6fe-4dbc70d 313->332 333 4dbc713-4dbc72a 313->333 314->313 323 4dbc43b 315->323 324 4dbc43d-4dbc44c 315->324 316->326 317->318 318->318 325 4dbc376 318->325 319->288 323->324 324->324 334 4dbc44e 324->334 325->311 326->291 335 4dbc573-4dbc57d 328->335 336 4dbc594-4dbc59d 328->336 337 4dbc5b6-4dbc5d6 329->337 332->333 344 4dbc72c-4dbc738 333->344 345 4dbc743-4dbc753 333->345 334->316 339 4dbc57f 335->339 340 4dbc581-4dbc590 335->340 336->337 337->295 339->340 340->340 343 4dbc592 340->343 343->336 344->345 346 4dbc76a-4dbc7ad 345->346 347 4dbc755-4dbc764 345->347 352 4dbc7af-4dbc7b3 346->352 353 4dbc7bd-4dbc7c1 346->353 347->346 352->353 354 4dbc7b5-4dbc7b8 call 4db0768 352->354 355 4dbc7c3-4dbc7c7 353->355 356 4dbc7d1-4dbc7d5 353->356 354->353 355->356 358 4dbc7c9-4dbc7cc call 4db0768 355->358 359 4dbc7d7-4dbc7db 356->359 360 4dbc7e5 356->360 358->356 359->360 362 4dbc7dd-4dbc7e0 call 4db0768 359->362 364 4dbc7e6 360->364 362->360 364->364
                          APIs
                          • CreateProcessW.KERNELBASE(?,00000000,?,?,?,?,?,?,?,?), ref: 04DBC69F
                          Memory Dump Source
                          • Source File: 00000004.00000002.1659672150.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_4db0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID: CreateProcess
                          • String ID:
                          • API String ID: 963392458-0
                          • Opcode ID: c8ac3c3cfc64b982e26b4e6720d2007727f542c2ffad1870c61c1305d3782d2a
                          • Instruction ID: ae3ca4e245d6092b52c8658cb7f84de6310e0165247f21c934a31d2274dc3876
                          • Opcode Fuzzy Hash: c8ac3c3cfc64b982e26b4e6720d2007727f542c2ffad1870c61c1305d3782d2a
                          • Instruction Fuzzy Hash: 3402C270E10219CFDB64CFA9C884BDDBBF1BF49704F1081A9E459A7250DB34AA85CF94

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 383 4dbd2b0-4dbd320 385 4dbd322-4dbd334 383->385 386 4dbd337-4dbd398 NtWriteVirtualMemory 383->386 385->386 388 4dbd39a-4dbd3a0 386->388 389 4dbd3a1-4dbd3f3 386->389 388->389
                          APIs
                          • NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 04DBD388
                          Memory Dump Source
                          • Source File: 00000004.00000002.1659672150.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_4db0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID: MemoryVirtualWrite
                          • String ID:
                          • API String ID: 3527976591-0
                          • Opcode ID: 79840b4e88fabdd1374aff19d5ffb71d1307bd67f9916cf519a1709360d14ad4
                          • Instruction ID: 51af6daa9cb595be3463dcf4b83da9589b1e1c883d5033133ec464f10049d421
                          • Opcode Fuzzy Hash: 79840b4e88fabdd1374aff19d5ffb71d1307bd67f9916cf519a1709360d14ad4
                          • Instruction Fuzzy Hash: B541B9B4D012588FCF00CFA9D984ADEBBF1BB49314F20902AE819B7240C739AA45CB54

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 394 4dbd2b8-4dbd320 396 4dbd322-4dbd334 394->396 397 4dbd337-4dbd398 NtWriteVirtualMemory 394->397 396->397 399 4dbd39a-4dbd3a0 397->399 400 4dbd3a1-4dbd3f3 397->400 399->400
                          APIs
                          • NtWriteVirtualMemory.NTDLL(?,?,?,?,?), ref: 04DBD388
                          Memory Dump Source
                          • Source File: 00000004.00000002.1659672150.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_4db0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID: MemoryVirtualWrite
                          • String ID:
                          • API String ID: 3527976591-0
                          • Opcode ID: 8401992792a8717e4bc8fd3f3672f298ff4c4dbcd7f9f3222d035eb6d97a5f7a
                          • Instruction ID: 02a4b830c3ddf9860d3bb68f04095cf2dd8d39f65b5c32658fbc92e95c81aba9
                          • Opcode Fuzzy Hash: 8401992792a8717e4bc8fd3f3672f298ff4c4dbcd7f9f3222d035eb6d97a5f7a
                          • Instruction Fuzzy Hash: 6C41AAB4D012589FCF00CFA9D984ADEFBF1BB49314F24902AE819B7250D739AA45CF54

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 405 4dbcedc-4dbcfa2 NtReadVirtualMemory 408 4dbcfab-4dbcffd 405->408 409 4dbcfa4-4dbcfaa 405->409 409->408
                          APIs
                          • NtReadVirtualMemory.NTDLL(?,?,?,?,?), ref: 04DBCF92
                          Memory Dump Source
                          • Source File: 00000004.00000002.1659672150.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_4db0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID: MemoryReadVirtual
                          • String ID:
                          • API String ID: 2834387570-0
                          • Opcode ID: bdaec4dfe0f5e534efa1f7a6501f0746e72f664af392780728428aa3e12a4659
                          • Instruction ID: 72ac6ec999ff4f4075b7f0db8889d967cf9b5b218b82c211bfd1164fd8785b87
                          • Opcode Fuzzy Hash: bdaec4dfe0f5e534efa1f7a6501f0746e72f664af392780728428aa3e12a4659
                          • Instruction Fuzzy Hash: 3041A8B4D00258DFCF00CFAAD884AEEFBB1BB49310F14942AE819B7240D735A946CF64

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 414 4dbcee0-4dbcfa2 NtReadVirtualMemory 417 4dbcfab-4dbcffd 414->417 418 4dbcfa4-4dbcfaa 414->418 418->417
                          APIs
                          • NtReadVirtualMemory.NTDLL(?,?,?,?,?), ref: 04DBCF92
                          Memory Dump Source
                          • Source File: 00000004.00000002.1659672150.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_4db0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID: MemoryReadVirtual
                          • String ID:
                          • API String ID: 2834387570-0
                          • Opcode ID: 7b384e75b570f3d645b40e03deb85579765db2b717a36881821dba2acb6ddb44
                          • Instruction ID: b7565986f4a382fac2ff59b2d899d6f1a56c1d03115b2377c06da3ef7d429762
                          • Opcode Fuzzy Hash: 7b384e75b570f3d645b40e03deb85579765db2b717a36881821dba2acb6ddb44
                          • Instruction Fuzzy Hash: 8E4197B5D04258DFCF10CFAAD884AEEFBB1BB49310F14942AE819B7240D735A945DF68
                          APIs
                          • NtSetContextThread.NTDLL(?,?), ref: 04DBD50F
                          Memory Dump Source
                          • Source File: 00000004.00000002.1659672150.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_4db0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID: ContextThread
                          • String ID:
                          • API String ID: 1591575202-0
                          • Opcode ID: 579f9c5e4f9a149c75abcd068f25058d24df4b5cd6665d309a960070fc524c99
                          • Instruction ID: 4140c39ae7f5805ae817ac4d0c849b78ec18a7d2aea633775e29049eb200a2ae
                          • Opcode Fuzzy Hash: 579f9c5e4f9a149c75abcd068f25058d24df4b5cd6665d309a960070fc524c99
                          • Instruction Fuzzy Hash: D441ACB5D01259DFCB14CFAAD884ADEBBF1BF49314F24802AE459B7240D738A945CF94
                          APIs
                          • NtSetContextThread.NTDLL(?,?), ref: 04DBD50F
                          Memory Dump Source
                          • Source File: 00000004.00000002.1659672150.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_4db0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID: ContextThread
                          • String ID:
                          • API String ID: 1591575202-0
                          • Opcode ID: 0a2daad88c25f6946b9c7f6706563f6c4036459daf131aa5a02eff3a9fe959af
                          • Instruction ID: 22095418493de671b6664cde431a613faf379c3209accf732e81193ecdcc2f76
                          • Opcode Fuzzy Hash: 0a2daad88c25f6946b9c7f6706563f6c4036459daf131aa5a02eff3a9fe959af
                          • Instruction Fuzzy Hash: 11319AB4D01258DFCB14DFAAD884AEEFBF1BB49314F24802AE459B7240D739A945CF94
                          APIs
                          • NtResumeThread.NTDLL(?,?), ref: 04DBD121
                          Memory Dump Source
                          • Source File: 00000004.00000002.1659672150.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_4db0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID: ResumeThread
                          • String ID:
                          • API String ID: 947044025-0
                          • Opcode ID: e5ca3a9aff879dc7345061594e8dfc69d6f04c26731812e11ac05db9f9f2440a
                          • Instruction ID: dd8a6ed7ce70e19c39119be63086bc2d879c1e347e0d366b74235d664bed9951
                          • Opcode Fuzzy Hash: e5ca3a9aff879dc7345061594e8dfc69d6f04c26731812e11ac05db9f9f2440a
                          • Instruction Fuzzy Hash: C73189B4D012189FCB10CFA9E984ADEFBF1FB49324F10942AE815B7340D775A946CB94
                          APIs
                          • NtResumeThread.NTDLL(?,?), ref: 04DBD121
                          Memory Dump Source
                          • Source File: 00000004.00000002.1659672150.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_4db0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID: ResumeThread
                          • String ID:
                          • API String ID: 947044025-0
                          • Opcode ID: 98babd50c29a7c0c5a46b8c30e469c8908800fc3089bae798093cfb8250c8e1c
                          • Instruction ID: 5021e2c8a3ca2ea83b3af55c263a46d836d01d17f930125c675751d70dc3ee21
                          • Opcode Fuzzy Hash: 98babd50c29a7c0c5a46b8c30e469c8908800fc3089bae798093cfb8250c8e1c
                          • Instruction Fuzzy Hash: 343186B4D012189FCB10CFA9D984ADEFBF5BB49320F20942AE819B7340D775A945CF94
                          Memory Dump Source
                          • Source File: 00000004.00000002.1655689922.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_2390000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 89f0e6111e247279e102c22aae6b08af1b8bac57345e268f7ba12bbe5e1c080e
                          • Instruction ID: a9ed0b7f143032c86dac2cc53a50ffea939c0dbb2bca4bf5e0def3947933d768
                          • Opcode Fuzzy Hash: 89f0e6111e247279e102c22aae6b08af1b8bac57345e268f7ba12bbe5e1c080e
                          • Instruction Fuzzy Hash: C5D11D70D0520ADFCB04CF99C9814AEFBB6FF8A300B54E956D415AB365D734AA42CF94
                          Memory Dump Source
                          • Source File: 00000004.00000002.1655689922.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_2390000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 46da4e71a01ebce5900cc8004a1b841e55432fe85f6bee76060074cfad7b6a61
                          • Instruction ID: 57828e0741b649bcb9607dc313dc21b7dcd978b72ed08b8303d1b9939f3331d8
                          • Opcode Fuzzy Hash: 46da4e71a01ebce5900cc8004a1b841e55432fe85f6bee76060074cfad7b6a61
                          • Instruction Fuzzy Hash: C0514E71E016588BEB5CCF6B8D4078AFAF7AFC9200F14C1BA990CAA265DB7056428F11
                          Memory Dump Source
                          • Source File: 00000004.00000002.1655689922.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_2390000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2830cd4b7f5da319c60710db69e623c2e3fcea4b7aa7dc0fb75c14e6399cb707
                          • Instruction ID: 44cd916b8c43ddb697f02d8a28b8015e3963254c8933bf8870a144b75b04dcfe
                          • Opcode Fuzzy Hash: 2830cd4b7f5da319c60710db69e623c2e3fcea4b7aa7dc0fb75c14e6399cb707
                          • Instruction Fuzzy Hash: 4E411171E016588BEB5CCF6B9D4079EFAF7BFC9204F14C5BA950CAA214DB7016468F11

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 274 23960fa-239619a 279 23961a5-2396202 274->279 283 239621b-2396225 279->283 284 2396204-2396219 279->284 285 239622f-239623b 283->285 284->285
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.1655689922.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_2390000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: XP_$XP_
                          • API String ID: 0-374244083
                          • Opcode ID: bf60d7ab904d1cd9754793c190ac907d348a0b4a3bcd00875685a1e35e76d13b
                          • Instruction ID: 64b37e186842b5cbe9a1be07b694f63beebc16b9ce2b569dfe9e62f57f476ea1
                          • Opcode Fuzzy Hash: bf60d7ab904d1cd9754793c190ac907d348a0b4a3bcd00875685a1e35e76d13b
                          • Instruction Fuzzy Hash: 5B316F78E112298FDBA5DF24C989B99BBB9BB49304F5081D9D40DA7310DB709E82CF11

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 365 854c11-854c24 366 854c26-854c54 365->366 367 854c6e-854d87 VirtualProtect 365->367 370 854d90-854dcc 367->370 371 854d89-854d8f 367->371 371->370
                          Memory Dump Source
                          • Source File: 00000004.00000002.1654337510.0000000000850000.00000040.00000800.00020000.00000000.sdmp, Offset: 00850000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_850000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 5d3c14589fb1dc337eec9f5961220f28d1ea3baa6c591829817d63d0fb1ce9f9
                          • Instruction ID: 6dc04463fc2fb6ccf8a64bd3dbc327c8f4131a4e05ea2779a21374420336157a
                          • Opcode Fuzzy Hash: 5d3c14589fb1dc337eec9f5961220f28d1ea3baa6c591829817d63d0fb1ce9f9
                          • Instruction Fuzzy Hash: 9A513574C0435ADFCB02CFA8D495A9EBBF0FF0A310F1590AAE854AB221E3349955DF60

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 374 854c55-854c58 375 854c9e-854d87 VirtualProtect 374->375 376 854c5a-854c9b 374->376 379 854d90-854dcc 375->379 380 854d89-854d8f 375->380 376->375 380->379
                          APIs
                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 00854D77
                          Memory Dump Source
                          • Source File: 00000004.00000002.1654337510.0000000000850000.00000040.00000800.00020000.00000000.sdmp, Offset: 00850000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_850000_SecuriteInfo.jbxd
                          Similarity
                          • API ID: ProtectVirtual
                          • String ID:
                          • API String ID: 544645111-0
                          • Opcode ID: 784ba9675b8e4fb6f788192faf5e6762db3213afc1d92e18c5126de604077673
                          • Instruction ID: 8ebcbb6360ed1b0308d350203f56089cb8c1255b5f048d37b8181d21f5dcbdce
                          • Opcode Fuzzy Hash: 784ba9675b8e4fb6f788192faf5e6762db3213afc1d92e18c5126de604077673
                          • Instruction Fuzzy Hash: 9B5112B4C04349DFCB02CFA9D545A9EBBF0FF0A310F1590AAE854AB261E3349955DF60

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 423 4dbd190-4dbd252 VirtualAllocEx 426 4dbd25b-4dbd2a5 423->426 427 4dbd254-4dbd25a 423->427 427->426
                          APIs
                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 04DBD242
                          Memory Dump Source
                          • Source File: 00000004.00000002.1659672150.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_4db0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID: AllocVirtual
                          • String ID:
                          • API String ID: 4275171209-0
                          • Opcode ID: 47afe71ad1f8ef10ef4bcd6b6525e2d4b92b749ad28eed6713250cf076b14dfb
                          • Instruction ID: e392a4a3ba8eb2e3fa9511c4bcfdd403b944e426dd4b4d33d1852036c17d8e8a
                          • Opcode Fuzzy Hash: 47afe71ad1f8ef10ef4bcd6b6525e2d4b92b749ad28eed6713250cf076b14dfb
                          • Instruction Fuzzy Hash: 793197B8D002589FCF10CFA9D984ADEBBB1BB49310F10942AE815BB240D735A946CF54

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 432 4dbd198-4dbd252 VirtualAllocEx 435 4dbd25b-4dbd2a5 432->435 436 4dbd254-4dbd25a 432->436 436->435
                          APIs
                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 04DBD242
                          Memory Dump Source
                          • Source File: 00000004.00000002.1659672150.0000000004DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DB0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_4db0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID: AllocVirtual
                          • String ID:
                          • API String ID: 4275171209-0
                          • Opcode ID: 5fbbf76d2d5566732dc1862e2833263dadf33fae8ed69d4e0b6b11da486fe2d5
                          • Instruction ID: 323212d4e65ea74ac0ac3bf04bea0ce561fe13d217d984eae62a9e24d4694729
                          • Opcode Fuzzy Hash: 5fbbf76d2d5566732dc1862e2833263dadf33fae8ed69d4e0b6b11da486fe2d5
                          • Instruction Fuzzy Hash: 063187B8D00258DFCF10CFA9D984ADEFBB5BB49310F10942AE815B7250D735A945CF58
                          APIs
                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 00854D77
                          Memory Dump Source
                          • Source File: 00000004.00000002.1654337510.0000000000850000.00000040.00000800.00020000.00000000.sdmp, Offset: 00850000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_850000_SecuriteInfo.jbxd
                          Similarity
                          • API ID: ProtectVirtual
                          • String ID:
                          • API String ID: 544645111-0
                          • Opcode ID: a8c77bda2c525be3c3f7088155de5bad020065a22cc7de0becdd74a15cbb12e9
                          • Instruction ID: 03bd88dc1e5f0a81b72e3b12d548fa5e111e473fd086572f2c421384d23a03ab
                          • Opcode Fuzzy Hash: a8c77bda2c525be3c3f7088155de5bad020065a22cc7de0becdd74a15cbb12e9
                          • Instruction Fuzzy Hash: 3D317AB9D042589FCB10CFA9E584ADEFBF1BB09314F24A02AE814B7250D775A949CF64
                          APIs
                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0085A28F
                          Memory Dump Source
                          • Source File: 00000004.00000002.1654337510.0000000000850000.00000040.00000800.00020000.00000000.sdmp, Offset: 00850000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_850000_SecuriteInfo.jbxd
                          Similarity
                          • API ID: ProtectVirtual
                          • String ID:
                          • API String ID: 544645111-0
                          • Opcode ID: dd2275e814d0a6bc4575b68810022db93352e2b335abe0f4b40459ba835ce87e
                          • Instruction ID: 50f1cc1edd9dd0ae375cdf92307d8801072a69f0129ba23c2612b5ad35ca00fa
                          • Opcode Fuzzy Hash: dd2275e814d0a6bc4575b68810022db93352e2b335abe0f4b40459ba835ce87e
                          • Instruction Fuzzy Hash: AD3197B9D042589FCB14CFAAD884ADEFBF1FB19310F24902AE814B7250D375A949CF64
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.1655689922.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_2390000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: $dq
                          • API String ID: 0-847773763
                          • Opcode ID: 74c00a281a141eda48331f820855aa85af1c0d46e8a8fb0d27b155edbad42745
                          • Instruction ID: 18210a30468e2c4439dbfd245c020435c7e3b564f8ba61063448307ad0add5df
                          • Opcode Fuzzy Hash: 74c00a281a141eda48331f820855aa85af1c0d46e8a8fb0d27b155edbad42745
                          • Instruction Fuzzy Hash: E4117FB4908229CFCB66DF25D94869EBBB6BB89301F1095EA9409A7251DB315E81CF40
                          Strings
                          Memory Dump Source
                          • Source File: 00000004.00000002.1655689922.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_2390000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: <
                          • API String ID: 0-4251816714
                          • Opcode ID: 3a55bec8ce62b5ffb1b3b0aa97bef916128209f29fca09743207764d314c805d
                          • Instruction ID: a5e9ab323b428da859e84dd7dd80cd06ace55caadb4675ca96ade72e07b29acb
                          • Opcode Fuzzy Hash: 3a55bec8ce62b5ffb1b3b0aa97bef916128209f29fca09743207764d314c805d
                          • Instruction Fuzzy Hash: AF01D6B0D102698FCB69CF25C855B99BBB5FF5A304F0486E9C1596B260C7B05AC1CF51
                          Memory Dump Source
                          • Source File: 00000004.00000002.1655689922.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_2390000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6647842bfd53f3ac1b0aa8b287c3d827433d63c0552bde31c8cfe6dcc9a6cf72
                          • Instruction ID: 364dbbd3d74e6fd834855f0ee54a3546cabefe53573c4526baefc34255d1eb43
                          • Opcode Fuzzy Hash: 6647842bfd53f3ac1b0aa8b287c3d827433d63c0552bde31c8cfe6dcc9a6cf72
                          • Instruction Fuzzy Hash: EE61A1B8D01318DFCB44DFA9EA94A9DBBB6FB99301F10912AD819A7314DB346D42CF00
                          Memory Dump Source
                          • Source File: 00000004.00000002.1655689922.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_2390000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: fad5cc9bf63870810ea73c31b85f96761e5082dfcccbec10145005a346cc8955
                          • Instruction ID: c865126b367e382d56d99176f96503ff1b078cb6cff0985dd3f24d7494aa676a
                          • Opcode Fuzzy Hash: fad5cc9bf63870810ea73c31b85f96761e5082dfcccbec10145005a346cc8955
                          • Instruction Fuzzy Hash: D03126B4909386DFCB02DF78D8606A9BFF0BF07301B0545EAD898DB262E3749991CB51
                          Memory Dump Source
                          • Source File: 00000004.00000002.1655689922.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_2390000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2f94473023c0055adf4d3bd08c86a62c24f7df2dc4900175c2dcd7216330ccab
                          • Instruction ID: 2df4e212a3615dcbc1f1b8c064a15b2a9c2c7d1fef19595019d034dcda4c80c1
                          • Opcode Fuzzy Hash: 2f94473023c0055adf4d3bd08c86a62c24f7df2dc4900175c2dcd7216330ccab
                          • Instruction Fuzzy Hash: B33183B4E04219DFCB84CFA9C580AAEFBF2BB89300F10956AD819E7755D774AA41CF50
                          Memory Dump Source
                          • Source File: 00000004.00000002.1655689922.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_2390000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: a9d3e9c2b836ec12b565efe656b39d52c4f25bb0d8a02542ad2e2b5bfeea7b0b
                          • Instruction ID: 4f15ef28151c386b66852263c79411db550ef7b04a2b4f143950023a509c7740
                          • Opcode Fuzzy Hash: a9d3e9c2b836ec12b565efe656b39d52c4f25bb0d8a02542ad2e2b5bfeea7b0b
                          • Instruction Fuzzy Hash: F621267490A386DFCB038F788820298BFF0AF47302B4944FAD4C8DB262E3354485CB52
                          Memory Dump Source
                          • Source File: 00000004.00000002.1655689922.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_2390000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 998f6d2cc82e4bdf9121b6778eb3b24b4fe00ecd7891ade12866f06bc3fc7397
                          • Instruction ID: b5631b7534e522878fcc5d4b9a819ddd5e0fb65d570456bf0c98f7e2b29eeb13
                          • Opcode Fuzzy Hash: 998f6d2cc82e4bdf9121b6778eb3b24b4fe00ecd7891ade12866f06bc3fc7397
                          • Instruction Fuzzy Hash: 50015E74B012598FDB29CF24C950B5AB2BBAFC6300F1085EA848A67344CE709F91CF11
                          Memory Dump Source
                          • Source File: 00000004.00000002.1655689922.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_2390000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: cb92fa2a0ce03fa2c00d05efa4617faa79c145d6231f2e6763c5ccb005e33d58
                          • Instruction ID: 551f34fe3d3ddd447655144518c84c4d86778e9c68b35658c53fbb54df167ca8
                          • Opcode Fuzzy Hash: cb92fa2a0ce03fa2c00d05efa4617faa79c145d6231f2e6763c5ccb005e33d58
                          • Instruction Fuzzy Hash: 8E016675E00208EFCB44DFA9C948A9DBFF1BF88310F45C0A5A9089B365D6349940DF41
                          Memory Dump Source
                          • Source File: 00000004.00000002.1655689922.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_2390000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 56706b378becebe2ce22d9f11da2fc5ca7ac4ff3d1a7d5c4628e78e9280dead0
                          • Instruction ID: d083838a5b0cb94954d931f3bafc35ac9c5f3249bd1df00d625297a49c2d50a4
                          • Opcode Fuzzy Hash: 56706b378becebe2ce22d9f11da2fc5ca7ac4ff3d1a7d5c4628e78e9280dead0
                          • Instruction Fuzzy Hash: AFF0F874A01169CFEF14CFA4C940B9EB7B6BB8A300F40C5A6C60AB7340D7745AA1CF24
                          Memory Dump Source
                          • Source File: 00000004.00000002.1655689922.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_2390000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 0cd39a127f2675aff3b0669730d2f46ce92426ef92df2f1afdcec8bf95949afd
                          • Instruction ID: c665b406b6239e42689a183f9021a33d761c6c80fbf3aaab6c06abeabd884adb
                          • Opcode Fuzzy Hash: 0cd39a127f2675aff3b0669730d2f46ce92426ef92df2f1afdcec8bf95949afd
                          • Instruction Fuzzy Hash: 87F01CB0D04319AFCB45DFA8D8547AEBFB0FB09305F1085AEDA5897351D7714952CB81
                          Memory Dump Source
                          • Source File: 00000004.00000002.1655689922.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_2390000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1edbf6764344692715e52a70b076e9a6b82da2956595abd63c86285b4fe4b787
                          • Instruction ID: a01a112dba2cf130f2020a82fa1986d4f9981a935e61ed069ffe31092509a5e3
                          • Opcode Fuzzy Hash: 1edbf6764344692715e52a70b076e9a6b82da2956595abd63c86285b4fe4b787
                          • Instruction Fuzzy Hash: F9E0E5B4D00209EFCB54EFB8D8006ADBBF1FB48300F5086AAD818A3310E7719690DB80
                          Memory Dump Source
                          • Source File: 00000004.00000002.1655689922.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_2390000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f614350ebc1bf7b1ed58590b477dcd7d95ac75bd8f4154bb0eccbc4f82d43079
                          • Instruction ID: 224592db1e1d88d0597a7da000a11defeeed1cdfeee8a51d1d9bfae83c55bc2b
                          • Opcode Fuzzy Hash: f614350ebc1bf7b1ed58590b477dcd7d95ac75bd8f4154bb0eccbc4f82d43079
                          • Instruction Fuzzy Hash: DEE0E5B0D00319EFCB44EFA8D8016AEBBF5FB08300F5086AAD928A3300D7719A51DB81
                          Memory Dump Source
                          • Source File: 00000004.00000002.1655689922.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_2390000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 8a171075847db0f26ec8c5ff4f0dccab4a04e08e64eb9ab8c349ffd06ac9959c
                          • Instruction ID: 4acfa5bff84f930bd66d347552f15721220801ee99dee21171ff0fc044aef399
                          • Opcode Fuzzy Hash: 8a171075847db0f26ec8c5ff4f0dccab4a04e08e64eb9ab8c349ffd06ac9959c
                          • Instruction Fuzzy Hash: CFD05E74814314CACF10CB50C4007EDB3B5BB45300F1057598246A7A80DB349943CF05
                          Memory Dump Source
                          • Source File: 00000004.00000002.1655689922.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_2390000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 57c2b799ef92622b128501738dcd7056c5bfedfe9d20d07b5ed86358c7193cdc
                          • Instruction ID: 8bb1626ebcc147d1d1b8dd2036fcbd318bfb269a6d583e46ebf07bbfe22f924d
                          • Opcode Fuzzy Hash: 57c2b799ef92622b128501738dcd7056c5bfedfe9d20d07b5ed86358c7193cdc
                          • Instruction Fuzzy Hash: E1D05E75D042598FCF20CE94C840B9EB7B9EF8A340F00A5A5820AFB348E3749A82CF10
                          Memory Dump Source
                          • Source File: 00000004.00000002.1655689922.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_2390000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c407b936967a3d03042d2f3d3e697acb4994be6ef02a09b3497ce9151ab3b73e
                          • Instruction ID: a352b6d287d89a00683c28332963da369c20785dda39048457aff8a25af511f0
                          • Opcode Fuzzy Hash: c407b936967a3d03042d2f3d3e697acb4994be6ef02a09b3497ce9151ab3b73e
                          • Instruction Fuzzy Hash: 56D05E74D0122B8ECF24CBA4C840B6DF6BAAF89340F1495AA820AA7250E2309A42CF14
                          Memory Dump Source
                          • Source File: 00000004.00000002.1655689922.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_2390000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: e442c0bf7b37224c780c296e335bbface769d3d72547eff60c6a80e20569edfc
                          • Instruction ID: 62c39b25d18f446c606e7c9db5104ab38dc51bf033c02f67023a86a6c4b3fbb9
                          • Opcode Fuzzy Hash: e442c0bf7b37224c780c296e335bbface769d3d72547eff60c6a80e20569edfc
                          • Instruction Fuzzy Hash: E2E0EC3491522A9FCB16CF14CC40758B7F9FB48301F009595900AA6224D7316F82CF10
                          Memory Dump Source
                          • Source File: 00000004.00000002.1655689922.0000000002390000.00000040.00000800.00020000.00000000.sdmp, Offset: 02390000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_4_2_2390000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 9d24cafe73ccaa6f0fc0e9df589810b488ea36fb935237f642a951a7eba625fb
                          • Instruction ID: 396700dce7e649fe4a44896febf03bca59ed7f086b0d00c47cd009003fc4052a
                          • Opcode Fuzzy Hash: 9d24cafe73ccaa6f0fc0e9df589810b488ea36fb935237f642a951a7eba625fb
                          • Instruction Fuzzy Hash: A1D0127490021C8ACF50DF98C800BEEB27ABB57300F0057558287B7340DA345647CF55
                          Strings
                          Memory Dump Source
                          • Source File: 00000006.00000002.1646219838.0000000002990000.00000040.00000800.00020000.00000000.sdmp, Offset: 02990000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_2990000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: dhq
                          • API String ID: 0-2324836203
                          • Opcode ID: ebb20a4e91f5f171ae8f00183be2a8496adb1672c477ee88f1bfd290eedee540
                          • Instruction ID: 61df75a5a7d23429e8cb08e853dc23ed82ecdcdb63ac6709de96afbc0e92a8a8
                          • Opcode Fuzzy Hash: ebb20a4e91f5f171ae8f00183be2a8496adb1672c477ee88f1bfd290eedee540
                          • Instruction Fuzzy Hash: 5E829174E00229CFDB24DF68D984BDDBBB5BF49314F1086AAD409AB365D730AA85CF50
                          Memory Dump Source
                          • Source File: 00000006.00000002.1646219838.0000000002990000.00000040.00000800.00020000.00000000.sdmp, Offset: 02990000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_2990000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f4cdb3534da0395fcdfd5114beecb8aeeeca9e684d244180926b03ea6cde777f
                          • Instruction ID: dcbad80c330b73e07b19a442ea31cea8dc1f0a7ea61e58d099c2b26e03d589ac
                          • Opcode Fuzzy Hash: f4cdb3534da0395fcdfd5114beecb8aeeeca9e684d244180926b03ea6cde777f
                          • Instruction Fuzzy Hash: 2A31C1709093959FCB03EF38E9647897FF0EF02305B1449D6D0488F2AAD7341A89CB91
                          Memory Dump Source
                          • Source File: 00000006.00000002.1646219838.0000000002990000.00000040.00000800.00020000.00000000.sdmp, Offset: 02990000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_2990000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 862f5d92ae249c9bd97a2d4b27fec75ad376b3a2d0499bac764dc418f568fbef
                          • Instruction ID: 81f4c0abf9ed9c9dd5f203a5161d4972b7ee28e4e750d192eea7c0bfddc1f407
                          • Opcode Fuzzy Hash: 862f5d92ae249c9bd97a2d4b27fec75ad376b3a2d0499bac764dc418f568fbef
                          • Instruction Fuzzy Hash: E5219074D003199FCB02EF68E5647997FF1FB45309F1089A9D0089F6AAD7701A88CB80
                          Memory Dump Source
                          • Source File: 00000006.00000002.1646219838.0000000002990000.00000040.00000800.00020000.00000000.sdmp, Offset: 02990000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_2990000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6ddebad758080dba648a381338d091b5c2fb5346cd75ff0f16a4131ca8b592f3
                          • Instruction ID: e02586137c4c48153d4af1e6a9f699b737575840ec62ecca39192773477a8523
                          • Opcode Fuzzy Hash: 6ddebad758080dba648a381338d091b5c2fb5346cd75ff0f16a4131ca8b592f3
                          • Instruction Fuzzy Hash: 35216874E0024A9FCF01DFA8D4509DDBFB1EF49310F8481A6D464BB361DB30AA46CB90
                          Memory Dump Source
                          • Source File: 00000006.00000002.1646219838.0000000002990000.00000040.00000800.00020000.00000000.sdmp, Offset: 02990000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_2990000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 279f21cfb88a8dbbd95fe8a3a6b618b2f023e84591afdd9a3ff6734f46fc68de
                          • Instruction ID: f0217eb8df2474e06adcdfeeaa74da89e9ea5d727f423b74c6c7814782962249
                          • Opcode Fuzzy Hash: 279f21cfb88a8dbbd95fe8a3a6b618b2f023e84591afdd9a3ff6734f46fc68de
                          • Instruction Fuzzy Hash: 721129B4D003199FCB01EF68E554B8D7BF1EB44309F209A68D0089B659EB706A89CF80
                          Memory Dump Source
                          • Source File: 00000006.00000002.1646219838.0000000002990000.00000040.00000800.00020000.00000000.sdmp, Offset: 02990000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_2990000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 54157f2c4f99638cb9df50154201fae944db084f67494a49a4a8ad4a912df7ee
                          • Instruction ID: 789a4986b0013e9686f64e8fecdb73800d019086568bf0a6b902c3112300d106
                          • Opcode Fuzzy Hash: 54157f2c4f99638cb9df50154201fae944db084f67494a49a4a8ad4a912df7ee
                          • Instruction Fuzzy Hash: D9F06978D0424A8BCF00CFAAD4142EEBBF4AF8A320F005465D454B7244DB381646DFA0
                          Memory Dump Source
                          • Source File: 00000006.00000002.1646219838.0000000002990000.00000040.00000800.00020000.00000000.sdmp, Offset: 02990000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_2990000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 515dc71d66ada9b147814f7a025638abf97a3a83d535197e2933805427abd3e3
                          • Instruction ID: 7567e0faa5cdd89b32c1a37935a2459d987d2a7e76eaf36f5803791ef0b0de83
                          • Opcode Fuzzy Hash: 515dc71d66ada9b147814f7a025638abf97a3a83d535197e2933805427abd3e3
                          • Instruction Fuzzy Hash: 4F011974C05309DFCB05DFB8C8545ADBBB0FF05304F1445EAD455AB291EB305A80CB81
                          Memory Dump Source
                          • Source File: 00000006.00000002.1646219838.0000000002990000.00000040.00000800.00020000.00000000.sdmp, Offset: 02990000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_6_2_2990000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 64c187e64ffcd60c843bca57dd17dc1d043146ffcade0ab9d709a151749b8c95
                          • Instruction ID: 00726c9395b5b8587bee6a564574a102cf25e7a11b60b94b7c87544b0e3abd1a
                          • Opcode Fuzzy Hash: 64c187e64ffcd60c843bca57dd17dc1d043146ffcade0ab9d709a151749b8c95
                          • Instruction Fuzzy Hash: 1EF0B274C0121DEFCB45EFB8D555AAEBBB4FB05304F204AAAC415A7294EB709A90CB80
                          Strings
                          Memory Dump Source
                          • Source File: 00000008.00000002.1646510057.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_2800000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: dhq
                          • API String ID: 0-2324836203
                          • Opcode ID: 87696a6f489baded7f856acac6bcac2a540df4928c891fc63aa3a39a8a315f09
                          • Instruction ID: bcdfc74a884f65a6629d7819c7735cad22d46f8ccdd9448e434e887c270617eb
                          • Opcode Fuzzy Hash: 87696a6f489baded7f856acac6bcac2a540df4928c891fc63aa3a39a8a315f09
                          • Instruction Fuzzy Hash: 41829378900229CFCB64DF68D984BDDBBB1BF49314F1086A6D409AB365DB70AA85CF50
                          Memory Dump Source
                          • Source File: 00000008.00000002.1646510057.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_2800000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 8a7901d8703542b3daf8744d75fb4a9c663f49aacff53d893017654017b43363
                          • Instruction ID: 9a6a0c3dcb08b0a4b81c7a016c9f3c21ad7997a2d66f7eb401c9985f9da19bb4
                          • Opcode Fuzzy Hash: 8a7901d8703542b3daf8744d75fb4a9c663f49aacff53d893017654017b43363
                          • Instruction Fuzzy Hash: 8231BC749097949FD703EB78E894A883FB1EF57305B0549D6D084CF2BBDA381949CBA2
                          Memory Dump Source
                          • Source File: 00000008.00000002.1646510057.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_2800000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 540cdd5ee85e3d8406f759b86f64eb7b3395e6959253d491f1138319d2878236
                          • Instruction ID: ab9417b15aecc6c042c9a84dccb10e20a1ae996f621773efb714d59e6beed0a2
                          • Opcode Fuzzy Hash: 540cdd5ee85e3d8406f759b86f64eb7b3395e6959253d491f1138319d2878236
                          • Instruction Fuzzy Hash: 27213E70E0125A9FCF01DFA9D4509DDBFB1EF49310F8581A6D454BB2A1DB30AA46CFA4
                          Memory Dump Source
                          • Source File: 00000008.00000002.1646510057.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_2800000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 0d4f8b781f60a6b2339b0291d562c1f09167d628beaebc3ddd1844a963f51c34
                          • Instruction ID: 20e90342558b70d440ac82fda872be33a5cc913afc2879a14318702bbd40e39d
                          • Opcode Fuzzy Hash: 0d4f8b781f60a6b2339b0291d562c1f09167d628beaebc3ddd1844a963f51c34
                          • Instruction Fuzzy Hash: 99110AB4900719DFCB01EF68F944B8D7BF2EB54306F109AA4E0089B369EB785A45CF90
                          Memory Dump Source
                          • Source File: 00000008.00000002.1646510057.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_2800000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: aa4cc8a94a4b1e0427e006f3ee53a25e7bca592a0eb42dd04d27e9db07e4c81d
                          • Instruction ID: 379f885bc88d12c4cead1fe12e90b19204d5988b1b7703f8f6a2b20fcfe2cf42
                          • Opcode Fuzzy Hash: aa4cc8a94a4b1e0427e006f3ee53a25e7bca592a0eb42dd04d27e9db07e4c81d
                          • Instruction Fuzzy Hash: 32F08CB9D0424DDBDF40DF9AD8583EEBBF4AB4A324F409065D414B6280DB785A05CFA5
                          Memory Dump Source
                          • Source File: 00000008.00000002.1646510057.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_2800000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 4d3d7a0ef9ae8e00303a178ba2bed7d34dffbc0eded79232153ac18f5cabb3d6
                          • Instruction ID: 14f90a23d4600f14898efcefc77c729330ef3644909bafe7f04703bdf5a173c5
                          • Opcode Fuzzy Hash: 4d3d7a0ef9ae8e00303a178ba2bed7d34dffbc0eded79232153ac18f5cabb3d6
                          • Instruction Fuzzy Hash: 57016D70C05348DFCB06DFB8C8506ADBFB0BF06200F0545EAC484D72A2EB304A44CB91
                          Memory Dump Source
                          • Source File: 00000008.00000002.1646510057.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_8_2_2800000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: d11b572fd09477ca63f17087224085687ab2af75932943c14ec9c5ae07b64296
                          • Instruction ID: 0448ae19ffacc3056b1facba0dd30deda6d89a0ac6fcc48b2f7c960c7332569c
                          • Opcode Fuzzy Hash: d11b572fd09477ca63f17087224085687ab2af75932943c14ec9c5ae07b64296
                          • Instruction Fuzzy Hash: A2F0AF74C01209EFCB45EFA8D940AAEBBB4FF05304F1046AA9815E73A0EB709A40CB80

                          Execution Graph

                          Execution Coverage:10.1%
                          Dynamic/Decrypted Code Coverage:100%
                          Signature Coverage:0%
                          Total number of Nodes:3
                          Total number of Limit Nodes:0
                          execution_graph 8508 1594cd0 8509 1594d1d VirtualProtect 8508->8509 8510 1594d89 8509->8510

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 124 4f79fa0-4f79fc3 125 4f79fc5 124->125 126 4f79fca-4f7a016 124->126 125->126 129 4f7a019 126->129 130 4f7a020-4f7a03c 129->130 131 4f7a045-4f7a046 130->131 132 4f7a03e 130->132 134 4f7a255-4f7a2d3 131->134 132->129 132->131 133 4f7a0d5-4f7a103 132->133 132->134 135 4f7a0b0-4f7a0b6 132->135 136 4f7a23e-4f7a250 132->136 137 4f7a21e-4f7a239 132->137 138 4f7a13c-4f7a153 132->138 139 4f7a1fa-4f7a219 132->139 140 4f7a158-4f7a15c 132->140 141 4f7a1c1-4f7a1f5 132->141 142 4f7a080-4f7a084 132->142 143 4f7a04b-4f7a050 132->143 144 4f7a108-4f7a137 132->144 145 4f7a188-4f7a1bc 132->145 133->130 167 4f7a2db-4f7a2e5 134->167 152 4f7a0be-4f7a0d0 135->152 136->130 137->130 138->130 139->130 146 4f7a16f-4f7a176 140->146 147 4f7a15e-4f7a16d 140->147 141->130 150 4f7a097-4f7a09e 142->150 151 4f7a086-4f7a095 142->151 148 4f7a063-4f7a06a 143->148 149 4f7a052-4f7a061 143->149 144->130 145->130 155 4f7a17d-4f7a183 146->155 147->155 159 4f7a071-4f7a07e 148->159 149->159 161 4f7a0a5-4f7a0ab 150->161 151->161 152->130 155->130 159->130 161->130
                          Strings
                          Memory Dump Source
                          • Source File: 00000011.00000002.2278180371.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_17_2_4f70000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: Tedq$Tedq
                          • API String ID: 0-4137347946
                          • Opcode ID: e913227b2199e03087b254b6bc30443efe0092a4eb62b3d05d13514f48457fe6
                          • Instruction ID: c3e9b852bf0fee4b71c0314f1229bcc94ae7179ad33179adc4a02dbd05082847
                          • Opcode Fuzzy Hash: e913227b2199e03087b254b6bc30443efe0092a4eb62b3d05d13514f48457fe6
                          • Instruction Fuzzy Hash: 3EB1D2B5E05319CFDB08CFA9C9849AEBBB2BF89300F20952AD415BB354D735A942CF54

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 272 4f7c168-4f7c18d 273 4f7c194-4f7c1b1 272->273 274 4f7c18f 272->274 275 4f7c1b9 273->275 274->273 276 4f7c1c0-4f7c1dc 275->276 277 4f7c1e5-4f7c1e6 276->277 278 4f7c1de 276->278 294 4f7c59a-4f7c5ad 277->294 278->275 278->277 279 4f7c3f6-4f7c402 278->279 280 4f7c2b5-4f7c2c7 278->280 281 4f7c531-4f7c551 278->281 282 4f7c2f1-4f7c306 278->282 283 4f7c4b1-4f7c4bd 278->283 284 4f7c33f-4f7c343 278->284 285 4f7c4e5-4f7c4fc 278->285 286 4f7c2a3-4f7c2b0 278->286 287 4f7c36f-4f7c37b 278->287 288 4f7c56d-4f7c579 278->288 289 4f7c1eb-4f7c1f7 278->289 290 4f7c42a-4f7c441 278->290 291 4f7c556-4f7c568 278->291 292 4f7c39c-4f7c3bc 278->292 293 4f7c51a-4f7c52c 278->293 278->294 295 4f7c259-4f7c25d 278->295 296 4f7c446-4f7c45d 278->296 297 4f7c501-4f7c515 278->297 298 4f7c3c1-4f7c3ca 278->298 299 4f7c481-4f7c485 278->299 300 4f7c2cc-4f7c2ec 278->300 301 4f7c30b-4f7c317 278->301 302 4f7c289-4f7c29e 278->302 309 4f7c404 279->309 310 4f7c409-4f7c425 279->310 280->276 281->276 282->276 315 4f7c4c4-4f7c4e0 283->315 316 4f7c4bf 283->316 319 4f7c356-4f7c35d 284->319 320 4f7c345-4f7c354 284->320 285->276 286->276 321 4f7c382-4f7c397 287->321 322 4f7c37d 287->322 303 4f7c580-4f7c595 288->303 304 4f7c57b 288->304 317 4f7c1fe-4f7c214 289->317 318 4f7c1f9 289->318 290->276 291->276 292->276 293->276 307 4f7c270-4f7c277 295->307 308 4f7c25f-4f7c26e 295->308 325 4f7c465-4f7c47c 296->325 297->276 305 4f7c3dd-4f7c3e4 298->305 306 4f7c3cc-4f7c3db 298->306 313 4f7c487-4f7c496 299->313 314 4f7c498-4f7c49f 299->314 300->276 311 4f7c31e-4f7c33a 301->311 312 4f7c319 301->312 302->276 303->276 304->303 324 4f7c3eb-4f7c3f1 305->324 306->324 328 4f7c27e-4f7c284 307->328 308->328 309->310 310->276 311->276 312->311 326 4f7c4a6-4f7c4ac 313->326 314->326 315->276 316->315 338 4f7c216 317->338 339 4f7c21b-4f7c231 317->339 318->317 331 4f7c364-4f7c36a 319->331 320->331 321->276 322->321 324->276 325->276 326->276 328->276 331->276 338->339 341 4f7c233 339->341 342 4f7c238-4f7c254 339->342 341->342 342->276
                          Memory Dump Source
                          • Source File: 00000011.00000002.2278180371.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_17_2_4f70000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: cf22d00eb82cb320d09614689879ff661b152b8e66a93aa1677c4b23d447b44d
                          • Instruction ID: 9c17526232295d28bc14cdedd30282b1145e3f92a94013d37c4a9fdb7d5b9d48
                          • Opcode Fuzzy Hash: cf22d00eb82cb320d09614689879ff661b152b8e66a93aa1677c4b23d447b44d
                          • Instruction Fuzzy Hash: 9CD15F71E0524ADFCB14CFA5C5808AEFBB2FF89340B24D466D515AB354D738AA82CF94
                          Memory Dump Source
                          • Source File: 00000011.00000002.2278180371.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_17_2_4f70000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 00c240b1109debe201e98cc00489638bd69f996572853f54f4fb90143063e677
                          • Instruction ID: 4d45afc7ae5726fa2c20cef03f49a84214a8171438bed026c7041ab3e6b62a10
                          • Opcode Fuzzy Hash: 00c240b1109debe201e98cc00489638bd69f996572853f54f4fb90143063e677
                          • Instruction Fuzzy Hash: 1F412071E016188BEB1CCF6B9D4479EFAF7AFC9200F14C1BAD51CAA258DB3416868F11
                          Memory Dump Source
                          • Source File: 00000011.00000002.2278180371.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_17_2_4f70000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 258b8ee7e3d9a2b5a6578eb70aace18b44e74d55cda02320926b398f0f72ccd4
                          • Instruction ID: 8e7a8c9b16a83eae21d830029bba4b66d04f8140253fd7d962b5563e987fa6d1
                          • Opcode Fuzzy Hash: 258b8ee7e3d9a2b5a6578eb70aace18b44e74d55cda02320926b398f0f72ccd4
                          • Instruction Fuzzy Hash: 81413271E016588BEB5CCF6B8D4078AFAF7BFC9200F14C1BAD50CAA269DB3419468F11

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 168 4f760fa-4f7619a 173 4f761a5-4f76202 168->173 177 4f76204-4f76219 173->177 178 4f7621b-4f76225 173->178 179 4f7622f-4f7623b 177->179 178->179
                          Strings
                          Memory Dump Source
                          • Source File: 00000011.00000002.2278180371.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_17_2_4f70000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: XP_$XP_
                          • API String ID: 0-374244083
                          • Opcode ID: 88f312bf7be1e10b71a961b87e10eeb21921eddefff07e285ac2394af1b37d85
                          • Instruction ID: ed536d966de601f998c72965557eddf6ce06009f662f21afbfb7c3d759fd6523
                          • Opcode Fuzzy Hash: 88f312bf7be1e10b71a961b87e10eeb21921eddefff07e285ac2394af1b37d85
                          • Instruction Fuzzy Hash: 1A317278E112298FDBA5DF24C998799BBB5BF49314F5081DAD40DA7310EB706E81DF01

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 180 1594c11-1594d87 VirtualProtect 183 1594d89-1594d8f 180->183 184 1594d90-1594dcc 180->184 183->184
                          APIs
                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 01594D77
                          Memory Dump Source
                          • Source File: 00000011.00000002.2273846405.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_17_2_1590000_SecuriteInfo.jbxd
                          Similarity
                          • API ID: ProtectVirtual
                          • String ID:
                          • API String ID: 544645111-0
                          • Opcode ID: 73deb013f22847ca6cbef597b1e9d6b41655c17faa13f49a7aa093a70ee1fb02
                          • Instruction ID: 5d26af69240c1f0cc0d6dcd5a8aa686739f5c78967ba3ce572e9f3a2980293ae
                          • Opcode Fuzzy Hash: 73deb013f22847ca6cbef597b1e9d6b41655c17faa13f49a7aa093a70ee1fb02
                          • Instruction Fuzzy Hash: EF512376D493588FEB58CF95E8826DDFBB0FB45335F20806FD540A6280DB3958468F90

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 193 159a1e8-159a29f VirtualProtect 195 159a2a8-159a2e4 193->195 196 159a2a1-159a2a7 193->196 196->195
                          APIs
                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 0159A28F
                          Memory Dump Source
                          • Source File: 00000011.00000002.2273846405.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_17_2_1590000_SecuriteInfo.jbxd
                          Similarity
                          • API ID: ProtectVirtual
                          • String ID:
                          • API String ID: 544645111-0
                          • Opcode ID: 422722d057ca2ee20578554f4d908f1bc83ac82406f94143f359d2482e188fc3
                          • Instruction ID: be126d7018a1f0e46055270f7446cb04b088f15f4c8a5a85a90aa77361e2cd9c
                          • Opcode Fuzzy Hash: 422722d057ca2ee20578554f4d908f1bc83ac82406f94143f359d2482e188fc3
                          • Instruction Fuzzy Hash: 2A3197B9D042589FCF10CFAAD984ADEFBF1BB19310F24906AE814B7250D375A945CF64

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 187 1594cd0-1594d87 VirtualProtect 189 1594d89-1594d8f 187->189 190 1594d90-1594dcc 187->190 189->190
                          APIs
                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 01594D77
                          Memory Dump Source
                          • Source File: 00000011.00000002.2273846405.0000000001590000.00000040.00000800.00020000.00000000.sdmp, Offset: 01590000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_17_2_1590000_SecuriteInfo.jbxd
                          Similarity
                          • API ID: ProtectVirtual
                          • String ID:
                          • API String ID: 544645111-0
                          • Opcode ID: 3cd717173ba24e0a750dd8231497064e90b1449adcddd5508f87c62ede9fba20
                          • Instruction ID: 5cff5441208c9a76adc4d72b450350bfd30f725f78f90e8536f974d726a9c546
                          • Opcode Fuzzy Hash: 3cd717173ba24e0a750dd8231497064e90b1449adcddd5508f87c62ede9fba20
                          • Instruction Fuzzy Hash: 153198B9D002589FCF10CFA9E584ADEFBF1BB09310F24902AE818B7250D335A945CF64

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 227 4f77477-4f774b9 231 4f774c4-4f7754a 227->231
                          Strings
                          Memory Dump Source
                          • Source File: 00000011.00000002.2278180371.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_17_2_4f70000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: $dq
                          • API String ID: 0-847773763
                          • Opcode ID: 25f8d72f7d6b134b2d32d53eed3a2a66d18fd06dedb350f0abf6a7197bd3d7d3
                          • Instruction ID: 3c394af1f6395e7ec1ac580f0a266a528cfdc9b691d423323f72739a1f9873b1
                          • Opcode Fuzzy Hash: 25f8d72f7d6b134b2d32d53eed3a2a66d18fd06dedb350f0abf6a7197bd3d7d3
                          • Instruction Fuzzy Hash: E81183B4918229CFCB65DF25D84469EBBB6BF89300F1095EA940DA7250EB315E859F40

                          Control-flow Graph

                          • Executed
                          • Not Executed
                          control_flow_graph 242 4f75ac5-4f75adc 243 4f75ae2-4f75b04 242->243 245 4f75b06-4f75b1b 243->245 246 4f75b1d-4f75b27 243->246 247 4f75b31-4f75b41 245->247 246->247
                          Strings
                          Memory Dump Source
                          • Source File: 00000011.00000002.2278180371.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_17_2_4f70000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: <
                          • API String ID: 0-4251816714
                          • Opcode ID: eeef21d6abccff07414dd1698aa2abef99676b6639bd738144ba6fa5aa893a6f
                          • Instruction ID: f8b88c0dfc8df6a5b2e34caa37c55c4a338d0110df76ba6eef844b5782b72f4b
                          • Opcode Fuzzy Hash: eeef21d6abccff07414dd1698aa2abef99676b6639bd738144ba6fa5aa893a6f
                          • Instruction Fuzzy Hash: 870104B0E10269CFCB68CF28C855BA9BBB5FF49304F0486E9C1496B260D7B45AC1CF50
                          Memory Dump Source
                          • Source File: 00000011.00000002.2278180371.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_17_2_4f70000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 142bf8eaf564e66a919cf1586aac37377c23619e6df535eeef60734db69f28a5
                          • Instruction ID: 7392ee65e8f1884843ed07df6ede17f55a04fb03bdb6b112dd16da376c9e2e14
                          • Opcode Fuzzy Hash: 142bf8eaf564e66a919cf1586aac37377c23619e6df535eeef60734db69f28a5
                          • Instruction Fuzzy Hash: B661AD78E11349DFCB44DFA9E9956ADBBB2FB88301F60812AE816A7314DB306945DF10
                          Memory Dump Source
                          • Source File: 00000011.00000002.2278180371.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_17_2_4f70000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1bde1884d77716389020d4bf61e936546d735113f5c9ad148157da536b93fa0d
                          • Instruction ID: 06bb799c1b27052635c7bd946dd452b4efb5842d85c58b03ba5633bde1197227
                          • Opcode Fuzzy Hash: 1bde1884d77716389020d4bf61e936546d735113f5c9ad148157da536b93fa0d
                          • Instruction Fuzzy Hash: 3C3185B4E04209DFCB54CFA9C580AAEFBF2FB88300F11856AD819A7755D778AA41CF50
                          Memory Dump Source
                          • Source File: 00000011.00000002.2278180371.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_17_2_4f70000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 56df467766a099e39578842a68e8ba1c6347d6a5da800e1c69db6d342127782d
                          • Instruction ID: 64d944c195de626f8f7a968f85452d23a0fc780c4ccc12ae1b17048bd9a4b3dc
                          • Opcode Fuzzy Hash: 56df467766a099e39578842a68e8ba1c6347d6a5da800e1c69db6d342127782d
                          • Instruction Fuzzy Hash: ED015234B012598FDB59CF24C950B9A727BBFC9200F1084EA808967284CA749E91CF11
                          Memory Dump Source
                          • Source File: 00000011.00000002.2278180371.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_17_2_4f70000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 272b0d7ff0d06e1555af525d3ad2af28789672c30e7631e8588fa94d7a9964cd
                          • Instruction ID: 0686aaafb1512219f4667e9c95d7dd521c9b2e2c03a3977d6de336a6ae77513e
                          • Opcode Fuzzy Hash: 272b0d7ff0d06e1555af525d3ad2af28789672c30e7631e8588fa94d7a9964cd
                          • Instruction Fuzzy Hash: DA016278E01208AFDB54DFA9C598A9DFFF5AF88310F45C0A5E8189B3A5D634E981DF40
                          Memory Dump Source
                          • Source File: 00000011.00000002.2278180371.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_17_2_4f70000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 14f07bbce726fd4ed40c31752b63921085d89284bc325f76554c310e4be8671f
                          • Instruction ID: a87ea7bc6b22a151c43e0a6106be1f5cbfc1ff0b7884682b586e9a42fe98c473
                          • Opcode Fuzzy Hash: 14f07bbce726fd4ed40c31752b63921085d89284bc325f76554c310e4be8671f
                          • Instruction Fuzzy Hash: 4FF01C70C01208AFCB44EFA8DA527EDBBB4FB04300F5485AAD824A3340E770A642DB80
                          Memory Dump Source
                          • Source File: 00000011.00000002.2278180371.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_17_2_4f70000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 7cddcd3503437ed09b37a209e1a861108fd222abdf5fae00d4e589676f9b70d2
                          • Instruction ID: 54277451a61096d7747d220253bd3217c1c06302babee448af78ef0de7bc2bb1
                          • Opcode Fuzzy Hash: 7cddcd3503437ed09b37a209e1a861108fd222abdf5fae00d4e589676f9b70d2
                          • Instruction Fuzzy Hash: 40F0D474A011698BEB14CFA4DD40B9EB7B6FB89340F40C5AA9609B7640D6786E91CF24
                          Memory Dump Source
                          • Source File: 00000011.00000002.2278180371.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_17_2_4f70000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 327a2aaa15a71cab233823e289c5db023c8b54f6d4ef1f5b59e6a92d9e7f9ee3
                          • Instruction ID: 1068662b7140f0956732ca8069717880138a8ad7b9f110ebe698b82d23b3e079
                          • Opcode Fuzzy Hash: 327a2aaa15a71cab233823e289c5db023c8b54f6d4ef1f5b59e6a92d9e7f9ee3
                          • Instruction Fuzzy Hash: 34F015B0C00208EFCB04EFBCD840AADBBF0BF48310F5086AAD824A7311E7719690DB80
                          Memory Dump Source
                          • Source File: 00000011.00000002.2278180371.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_17_2_4f70000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6cda7c0861dadb95a41a0b2c4589e786b46b50eecce8b8aa264177c3e41b60c8
                          • Instruction ID: 7be22215379681bb9d6b9d5d87014c02a109d9682287c00b4188879dd38696ee
                          • Opcode Fuzzy Hash: 6cda7c0861dadb95a41a0b2c4589e786b46b50eecce8b8aa264177c3e41b60c8
                          • Instruction Fuzzy Hash: 56E0ED70D00319EFCB44EFA8D5416ADBBF5FB04310F5085AAD824A3300D7715651DB81
                          Memory Dump Source
                          • Source File: 00000011.00000002.2278180371.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_17_2_4f70000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2a164d9cab919b573cec1bfa551fcdf93127e63e09ec8ea9326935310442e296
                          • Instruction ID: b562ec5eedfe03da4228ff9407cf6c5586f9d55859bf8dc7ba9b529d0b4d1a34
                          • Opcode Fuzzy Hash: 2a164d9cab919b573cec1bfa551fcdf93127e63e09ec8ea9326935310442e296
                          • Instruction Fuzzy Hash: 34E0E5B4D00208EFCB54EFB8D9406ADBBF0FB48310F5086AAD824A3300E7719691DB80
                          Memory Dump Source
                          • Source File: 00000011.00000002.2278180371.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_17_2_4f70000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 8a171075847db0f26ec8c5ff4f0dccab4a04e08e64eb9ab8c349ffd06ac9959c
                          • Instruction ID: baba329e3743816c7713b9dcd8e67fc5493d4b4135be62293d951b2f814b5480
                          • Opcode Fuzzy Hash: 8a171075847db0f26ec8c5ff4f0dccab4a04e08e64eb9ab8c349ffd06ac9959c
                          • Instruction Fuzzy Hash: D5D05E71814214CADB00CB54CC007EDB3B5FB44304F10575A8145A7680DB38A943CF05
                          Memory Dump Source
                          • Source File: 00000011.00000002.2278180371.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_17_2_4f70000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 57c2b799ef92622b128501738dcd7056c5bfedfe9d20d07b5ed86358c7193cdc
                          • Instruction ID: ec47eafcfc646e3df7edf099b52cd98cd565f4c544e0b35a68657e208dbff121
                          • Opcode Fuzzy Hash: 57c2b799ef92622b128501738dcd7056c5bfedfe9d20d07b5ed86358c7193cdc
                          • Instruction Fuzzy Hash: 24D05E71D042598FCB10CE94CC40B9EB7B9EF89340F00A5AA8109FB248E338AA82CF10
                          Memory Dump Source
                          • Source File: 00000011.00000002.2278180371.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_17_2_4f70000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c407b936967a3d03042d2f3d3e697acb4994be6ef02a09b3497ce9151ab3b73e
                          • Instruction ID: 2e6fb47947085a3c1b5db04c95de1b9158331745b9608f65b695f34fd537c334
                          • Opcode Fuzzy Hash: c407b936967a3d03042d2f3d3e697acb4994be6ef02a09b3497ce9151ab3b73e
                          • Instruction Fuzzy Hash: 8AD05E74D0112A8ECB14CBA4CC40BADF6BAAF88240F1495AB8109A7250E234AA428F14
                          Memory Dump Source
                          • Source File: 00000011.00000002.2278180371.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_17_2_4f70000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 9d24cafe73ccaa6f0fc0e9df589810b488ea36fb935237f642a951a7eba625fb
                          • Instruction ID: adf5a0305255fa7c55cccd7cccba1b1302d5e03795d24d08052d0b2eadd0b054
                          • Opcode Fuzzy Hash: 9d24cafe73ccaa6f0fc0e9df589810b488ea36fb935237f642a951a7eba625fb
                          • Instruction Fuzzy Hash: 64D0127194021C8ADF40DF9CCC00BEEB279FB56300F00575A8147B7240DA386A47CF55
                          Memory Dump Source
                          • Source File: 00000011.00000002.2278180371.0000000004F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F70000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_17_2_4f70000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 9bde67f48410aa2e55a76c7e6baf7aa476a373632117c8fa6fe338033fe1b052
                          • Instruction ID: 4604393de58b5b1bc89233df4c9b181641bf3670cd4b480a5f13f7e1c7f0a0fe
                          • Opcode Fuzzy Hash: 9bde67f48410aa2e55a76c7e6baf7aa476a373632117c8fa6fe338033fe1b052
                          • Instruction Fuzzy Hash: DEE0EC359101299FCB26CB24CC40798B7F9FB88301F0095959019A7258D7316F81CF10
                          Strings
                          Memory Dump Source
                          • Source File: 00000012.00000002.2267406694.00000000030B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030B0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_18_2_30b0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: dhq
                          • API String ID: 0-2324836203
                          • Opcode ID: 8ee1388b971ce6a21a3a6037789e4b5b3ebe67e60e87833e2da11afddf20d7fe
                          • Instruction ID: 3a607d9caa4b085efdf209277fc7361886e8343d4ca923024e5a3d334e4aceb9
                          • Opcode Fuzzy Hash: 8ee1388b971ce6a21a3a6037789e4b5b3ebe67e60e87833e2da11afddf20d7fe
                          • Instruction Fuzzy Hash: B2828074E01229CFCB24CF68D994BDDBBB1BF49304F1486AAD409AB265D734AE85CF50
                          Memory Dump Source
                          • Source File: 00000012.00000002.2267406694.00000000030B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030B0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_18_2_30b0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 145ac011d6053f0f9ecc6f3759a1c795ea8e463f0e5e99b2c114ac24cd3edcf7
                          • Instruction ID: f0c0e8c1de9123a294ed631823b2fba61d9a8c916b860dc09cf3bf2c8bd1d373
                          • Opcode Fuzzy Hash: 145ac011d6053f0f9ecc6f3759a1c795ea8e463f0e5e99b2c114ac24cd3edcf7
                          • Instruction Fuzzy Hash: 4541AD70E082859FC702DB6CF9A86C8BFB0FF46345F0445E6C4848B266D6781A96CF91
                          Memory Dump Source
                          • Source File: 00000012.00000002.2267406694.00000000030B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030B0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_18_2_30b0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b365a1a571567e0d7d565e081803ab178f194f2f389a4a641e65d41394fb33a9
                          • Instruction ID: 597581392618ea82424c474dd246523760db5c65e39e52ee3c86e0ee65696bb8
                          • Opcode Fuzzy Hash: b365a1a571567e0d7d565e081803ab178f194f2f389a4a641e65d41394fb33a9
                          • Instruction Fuzzy Hash: 25213970E0124A9FCF01DFA8D4509EDBFB1EF49310F8581AAD564BB262DB30AA46CF50
                          Memory Dump Source
                          • Source File: 00000012.00000002.2267406694.00000000030B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030B0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_18_2_30b0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 13567f011a1b329ce5b9efc3890e241c42515018821fd35dfe2e52c913635b91
                          • Instruction ID: e6db35dcda5538521e54769a62193f2d4e5bde87fa6a0df014471082a794bfc6
                          • Opcode Fuzzy Hash: 13567f011a1b329ce5b9efc3890e241c42515018821fd35dfe2e52c913635b91
                          • Instruction Fuzzy Hash: 8311FE70E00219DFCB01DF6CF54868DBBF1FB49346F008564D9089B255D7755E568F81
                          Memory Dump Source
                          • Source File: 00000012.00000002.2267406694.00000000030B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030B0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_18_2_30b0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 78f2c0b2865ef18519d312faaa27fc0db9288cecf0c39131a0ea5e6d24530589
                          • Instruction ID: 3fa7f325c19337ec7cba9caa49a52ef447b4c5e05766d94358e1114adffc573a
                          • Opcode Fuzzy Hash: 78f2c0b2865ef18519d312faaa27fc0db9288cecf0c39131a0ea5e6d24530589
                          • Instruction Fuzzy Hash: BFF03C78D05249CBCF15CFA5D5142EEBBF4BB8D310F04546AD554B6241D7784606DFA0
                          Memory Dump Source
                          • Source File: 00000012.00000002.2267406694.00000000030B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030B0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_18_2_30b0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 00124ca23dce0ee5c2a0520730a79d5f14df6f54c6c62a635e4049bd00b74928
                          • Instruction ID: 3b313bc9456496aef8ef1a9ccbcd5cf24f43e8d2330b87e5e96716d37979b7e6
                          • Opcode Fuzzy Hash: 00124ca23dce0ee5c2a0520730a79d5f14df6f54c6c62a635e4049bd00b74928
                          • Instruction Fuzzy Hash: 3A01FD70D01209DFCB45EFA8C8546EEBBB0FF0A300F144AAAC455A7265EB704A91CF80
                          Memory Dump Source
                          • Source File: 00000012.00000002.2267406694.00000000030B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 030B0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_18_2_30b0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: eaa5e0962160975cf9d90f202bfa68f8b643d0ae7ae929c7b57262f1ae320dc9
                          • Instruction ID: be37fbc2f9fa3fe1b2ca8d302a393271f03e97da15115301c32b423b11b885fe
                          • Opcode Fuzzy Hash: eaa5e0962160975cf9d90f202bfa68f8b643d0ae7ae929c7b57262f1ae320dc9
                          • Instruction Fuzzy Hash: 5DF0B274D01209EFCB45EFB8D544AEEBBB4FB09300F104AAAC415A7254EB709A45CF80
                          Strings
                          Memory Dump Source
                          • Source File: 00000013.00000002.2267454196.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_19_2_11a0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID: dhq
                          • API String ID: 0-2324836203
                          • Opcode ID: ee9b161cd7b3d2fc3c49676c00455d6786ba1d8b60cb3bd0f07d2af2dfa96f99
                          • Instruction ID: 6c28b63b675fec4b83956ab833411c0875a70418a5705a8d0dbc6d5e90e57d67
                          • Opcode Fuzzy Hash: ee9b161cd7b3d2fc3c49676c00455d6786ba1d8b60cb3bd0f07d2af2dfa96f99
                          • Instruction Fuzzy Hash: 3D8294B8900229CFCB24DF68D984BDDBBB1BF49304F5086A6D409AB365D734AE85CF50
                          Memory Dump Source
                          • Source File: 00000013.00000002.2267454196.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_19_2_11a0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c8a95999e2d485679c1e2a66c3a6c9bcf7adc183bd235c7167491960f666a27c
                          • Instruction ID: 8d1d77ac813ed02c373e58127d89cc6b59436af2d48c1517482e2bd4dfdf1806
                          • Opcode Fuzzy Hash: c8a95999e2d485679c1e2a66c3a6c9bcf7adc183bd235c7167491960f666a27c
                          • Instruction Fuzzy Hash: CC31D7B5D293869FCB03EB74D8946883FB1EF56301F0589E6D084CF267E639194ACB91
                          Memory Dump Source
                          • Source File: 00000013.00000002.2267454196.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_19_2_11a0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b8857b6cadb9f6917f3cdd1f083cc355a968cd71e20757e9a273a56314d678c0
                          • Instruction ID: 9657410c6afdb25382aabad1a8b7925b506a78f96f806474b0c8ae9aa5406805
                          • Opcode Fuzzy Hash: b8857b6cadb9f6917f3cdd1f083cc355a968cd71e20757e9a273a56314d678c0
                          • Instruction Fuzzy Hash: 2A2190B592430B9FCB02EF68E9907897FF1FB45305F0089A9E0449F76AD779194ACB81
                          Memory Dump Source
                          • Source File: 00000013.00000002.2267454196.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_19_2_11a0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6d9826ed20009d201f740137670b6a2b8fd4ab8958d04d5607dba85a0c98fdeb
                          • Instruction ID: dc3e0dd206c5eb9ef16a4d0467a8682c379d658a1b7d8d0e24af1b69087323bd
                          • Opcode Fuzzy Hash: 6d9826ed20009d201f740137670b6a2b8fd4ab8958d04d5607dba85a0c98fdeb
                          • Instruction Fuzzy Hash: C2213AB1E0024A9FCF01DFA9D5909DDBFB1EF49310F8581A6D564BB251DB30AA46CB90
                          Memory Dump Source
                          • Source File: 00000013.00000002.2267454196.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_19_2_11a0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f3289db107294ac36ae84833c85c4ba28075d4f12d3eb3685cdaa4c0ed63b602
                          • Instruction ID: eb3b696a3e3b0bab56bb15d422755f00c3668de0df6c9fdbe41458154229c736
                          • Opcode Fuzzy Hash: f3289db107294ac36ae84833c85c4ba28075d4f12d3eb3685cdaa4c0ed63b602
                          • Instruction Fuzzy Hash: 71111FB5D2031B9FCB01EF68E98468D7BF1FB44305F408A68E1449B35ADB795A46CF80
                          Memory Dump Source
                          • Source File: 00000013.00000002.2267454196.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_19_2_11a0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1ebc141f076421680c462579e8a7aecb903b638650427cf8d15df5bdd4de8429
                          • Instruction ID: 4c57e3905dcbf9135d054b7c1ec3258ef8b98daaa32c9bb62bed3dd3b079aa6b
                          • Opcode Fuzzy Hash: 1ebc141f076421680c462579e8a7aecb903b638650427cf8d15df5bdd4de8429
                          • Instruction Fuzzy Hash: 02F037B8D04209ABCF05DF96D8543EEBBF4EB89314F805025D514B6240D7795A0ACFA5
                          Memory Dump Source
                          • Source File: 00000013.00000002.2267454196.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_19_2_11a0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 671e8586b068bab7f093c0c402a0a2036e8f30cf7ff1a5bce406a3a72550ab4b
                          • Instruction ID: 0d2ea22a9824883496707ee96976ecab4d93362f720bf6eec5b474aa7f74c007
                          • Opcode Fuzzy Hash: 671e8586b068bab7f093c0c402a0a2036e8f30cf7ff1a5bce406a3a72550ab4b
                          • Instruction Fuzzy Hash: 3301F6B4C052099FCB05DFA8C9946ADBBB0FF05200F5045AAD495E7251E7355A45CB81
                          Memory Dump Source
                          • Source File: 00000013.00000002.2267454196.00000000011A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 011A0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_19_2_11a0000_SecuriteInfo.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 89f92c2c087aa1425d988cc0b23caf10055e62d4a8f9865b6e1aac2031b915a0
                          • Instruction ID: b67ddcbea8576fd420d4d54fc09d8740435c66d12e081b5c510fa2e550c08139
                          • Opcode Fuzzy Hash: 89f92c2c087aa1425d988cc0b23caf10055e62d4a8f9865b6e1aac2031b915a0
                          • Instruction Fuzzy Hash: E4F0B2B4C01209EFCB45EFB8D584AAEBBB4FB05300F5046AAD455E7254EB719A44DB80