
Windows Analysis Report
Order Details.exe

Overview

General Information

Sample name: Order Details.exe
Analysis ID: 1464862
MD5: 65e2a9349c75ee34280992ed2e7aa548
SHA1: d57c9017e2cbdb589c2698d899ee7f9063e35142
SHA256: 552e61ad619a32a252b5a7e52dfee9aff417040e147e34bf0111e3f89dc433aa
Tags: exe, SnakeKeylogger

Detection

Snake Keylogger
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AntiVM3
Yara detected Snake Keylogger
Yara detected UAC Bypass using CMSTP
AI detected suspicious sample
Allocates memory in foreign processes
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Yara detected Generic Downloader
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
One or more processes crash
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • Order Details.exe (PID: 6836 cmdline: "C:\Users\user\Desktop\Order Details.exe" MD5: 65E2A9349C75EE34280992ED2E7AA548)
    • RegSvcs.exe (PID: 6976 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
    • RegSvcs.exe (PID: 7008 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
    • WerFault.exe (PID: 5228 cmdline: C:\Windows\system32\WerFault.exe -u -p 6836 -s 1020 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  • cleanup
Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
{"Exfil Mode": "SMTP", "Username": "rightlut@valleycountysar.org", "Password": "fY,FLoadtsiF", "Host": "valleycountysar.org", "Port": "26"}
Source | Rule | Description | Author | Strings
00000001.00000002.4087508064.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000001.00000002.4087508064.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security
00000001.00000002.4087508064.0000000000402000.00000040.00000400.00020000.00000000.sdmp | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown
  • 0x1484e:$a1: get_encryptedPassword
  • 0x14b3a:$a2: get_encryptedUsername
  • 0x1465a:$a3: get_timePasswordChanged
  • 0x14755:$a4: get_passwordField
  • 0x14864:$a5: set_encryptedPassword
  • 0x15e37:$a7: get_logins
  • 0x15d9a:$a10: KeyLoggerEventArgs
  • 0x15a33:$a11: KeyLoggerEventArgsEventHandler
00000001.00000002.4087508064.0000000000402000.00000040.00000400.00020000.00000000.sdmp | MALWARE_Win_SnakeKeylogger | Detects Snake Keylogger | ditekSHen
  • 0x18110:$x1: $%SMTPDV$
  • 0x18176:$x2: $#TheHashHere%&
  • 0x1976d:$x3: %FTPDV$
  • 0x19861:$x4: $%TelegramDv$
  • 0x15a33:$x5: KeyLoggerEventArgs
  • 0x15d9a:$x5: KeyLoggerEventArgs
  • 0x19791:$m2: Clipboard Logs ID
  • 0x199b1:$m2: Screenshot Logs ID
  • 0x19ac1:$m2: keystroke Logs ID
  • 0x19d9b:$m3: SnakePW
  • 0x19989:$m4: \SnakeKeylogger\
00000001.00000002.4089979880.00000000031CC000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security
Source | Rule | Description | Author | Strings
0.2.Order Details.exe.256901bd028.0.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
0.2.Order Details.exe.256901bd028.0.unpack | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security
0.2.Order Details.exe.256901bd028.0.unpack | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown
  • 0x12c4e:$a1: get_encryptedPassword
  • 0x12f3a:$a2: get_encryptedUsername
  • 0x12a5a:$a3: get_timePasswordChanged
  • 0x12b55:$a4: get_passwordField
  • 0x12c64:$a5: set_encryptedPassword
  • 0x14237:$a7: get_logins
  • 0x1419a:$a10: KeyLoggerEventArgs
  • 0x13e33:$a11: KeyLoggerEventArgsEventHandler
0.2.Order Details.exe.256901bd028.0.unpack | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth
  • 0x1a56b:$a2: \Comodo\Dragon\User Data\Default\Login Data
  • 0x1979d:$a3: \Google\Chrome\User Data\Default\Login Data
  • 0x19bd0:$a4: \Orbitum\User Data\Default\Login Data
  • 0x1ac0f:$a5: \Kometa\User Data\Default\Login Data
0.2.Order Details.exe.256901bd028.0.unpack | INDICATOR_SUSPICIOUS_EXE_DotNetProcHook | Detects executables with potential process hoocking | ditekSHen
  • 0x137d6:$s1: UnHook
  • 0x137dd:$s2: SetHook
  • 0x137e5:$s3: CallNextHook
  • 0x137f2:$s4: _hook
            No Sigma rule has matched
            No Snort rule has matched



            AV Detection

Source: 00000001.00000002.4089979880.0000000003001000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "rightlut@valleycountysar.org", "Password": "fY,FLoadtsiF", "Host": "valleycountysar.org", "Port": "26"}
Source: Order Details.exe | ReversingLabs: Detection: 47%
Source: Order Details.exe | Virustotal: Detection: 44%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: Order Details.exe | Joe Sandbox ML: detected

            Location Tracking

Source: unknown | DNS query: name: reallyfreegeoip.org

            Exploits

Source: Yara match | File source: 00000000.00000002.1809258786.0000025680037000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: Order Details.exe PID: 6836, type: MEMORYSTR
Source: unknown | HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.4:49733 version: TLS 1.0
Source: Order Details.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: Microsoft.VisualBasic.ni.pdb source: WERB9AC.tmp.dmp.5.dr
            Source: Binary string: mscorlib.pdb source: WERB9AC.tmp.dmp.5.dr
            Source: Binary string: System.ni.pdbRSDS source: WERB9AC.tmp.dmp.5.dr
            Source: Binary string: mscorlib.ni.pdb source: WERB9AC.tmp.dmp.5.dr
            Source: Binary string: System.Core.pdb source: WERB9AC.tmp.dmp.5.dr
            Source: Binary string: mscorlib.ni.pdbRSDS7^3l source: WERB9AC.tmp.dmp.5.dr
            Source: Binary string: System.pdbp source: WERB9AC.tmp.dmp.5.dr
            Source: Binary string: Microsoft.VisualBasic.ni.pdbRSDS& source: WERB9AC.tmp.dmp.5.dr
            Source: Binary string: System.ni.pdb source: WERB9AC.tmp.dmp.5.dr
            Source: Binary string: System.pdb source: WERB9AC.tmp.dmp.5.dr
            Source: Binary string: System.Core.ni.pdbRSDS source: WERB9AC.tmp.dmp.5.dr
            Source: Binary string: Microsoft.VisualBasic.pdb source: WERB9AC.tmp.dmp.5.dr
            Source: Binary string: System.Core.ni.pdb source: WERB9AC.tmp.dmp.5.dr

            Networking

Source: Yara match | File source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.Order Details.exe.256901dda70.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.Order Details.exe.256901bd028.0.raw.unpack, type: UNPACKEDPE
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1; Host: reallyfreegeoip.org; Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1; Host: reallyfreegeoip.org
Source: Joe Sandbox View | IP Address: 188.114.97.3
Source: Joe Sandbox View | IP Address: 132.226.247.73
Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS
Source: Joe Sandbox View | JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: unknown | DNS query: name: checkip.dyndns.org
Source: unknown | DNS query: name: reallyfreegeoip.org
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1; User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;); Host: checkip.dyndns.org; Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1; User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;); Host: checkip.dyndns.org
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: checkip.dyndns.org
Source: global traffic | DNS traffic detected: DNS query: reallyfreegeoip.org
Source: RegSvcs.exe, 00000001.00000002.4089979880.000000000315A000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.00000000031AF000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.0000000003167000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.0000000003182000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.00000000030C6000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.00000000031BE000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.0000000003174000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.com
Source: RegSvcs.exe, 00000001.00000002.4089979880.000000000315A000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.00000000030B4000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.00000000031AF000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.0000000003167000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.0000000003182000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.0000000003109000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.00000000030C6000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.00000000031BE000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.0000000003174000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.0000000003190000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org
Source: RegSvcs.exe, 00000001.00000002.4089979880.0000000003001000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org/
Source: Order Details.exe, 00000000.00000002.1809623845.0000025690127000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4087508064.0000000000402000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: http://checkip.dyndns.org/q
Source: RegSvcs.exe, 00000001.00000002.4089979880.000000000315A000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.00000000031AF000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.0000000003167000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.0000000003182000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.00000000031BE000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.0000000003174000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.00000000030DF000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://reallyfreegeoip.org
Source: RegSvcs.exe, 00000001.00000002.4089979880.0000000003001000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Amcache.hve.5.dr | String found in binary or memory: http://upx.sf.net
Source: RegSvcs.exe, 00000001.00000002.4089979880.000000000315A000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.00000000031AF000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.0000000003167000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.0000000003182000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.0000000003109000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.00000000030C6000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.00000000031BE000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.0000000003174000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org
Source: Order Details.exe, 00000000.00000002.1809623845.0000025690127000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.00000000030C6000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4087508064.0000000000402000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/
Source: RegSvcs.exe, 00000001.00000002.4089979880.0000000003174000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33
Source: RegSvcs.exe, 00000001.00000002.4089979880.000000000315A000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.00000000031AF000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.0000000003167000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.0000000003182000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.0000000003109000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.00000000031BE000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.0000000003174000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33$

            System Summary

Source: 0.2.Order Details.exe.256901bd028.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.Order Details.exe.256901bd028.0.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.Order Details.exe.256901bd028.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.Order Details.exe.256901bd028.0.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.Order Details.exe.256901dda70.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.Order Details.exe.256901dda70.1.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.Order Details.exe.256901dda70.1.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.Order Details.exe.256901dda70.1.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.Order Details.exe.256901dda70.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.Order Details.exe.256901dda70.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.Order Details.exe.256901dda70.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.Order Details.exe.256901dda70.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 0.2.Order Details.exe.256901bd028.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 0.2.Order Details.exe.256901bd028.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
Source: 0.2.Order Details.exe.256901bd028.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables with potential process hoocking Author: ditekSHen
Source: 0.2.Order Details.exe.256901bd028.0.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000001.00000002.4087508064.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000001.00000002.4087508064.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: 00000000.00000002.1809623845.0000025690127000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: 00000000.00000002.1809623845.0000025690127000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: Process Memory Space: Order Details.exe PID: 6836, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: Order Details.exe PID: 6836, type: MEMORYSTR | Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: Process Memory Space: RegSvcs.exe PID: 6976, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
Source: Process Memory Space: RegSvcs.exe PID: 6976, type: MEMORYSTR | Matched rule: Detects Snake Keylogger Author: ditekSHen
Source: initial sample | Static PE information: Filename: Order Details.exe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process Stats: CPU usage > 49%
Source: C:\Users\user\Desktop\Order Details.exe | Code function: 0_2_00007FFD9B8A37DC
Source: C:\Users\user\Desktop\Order Details.exe | Code function: 0_2_00007FFD9B8A8B50
Source: C:\Users\user\Desktop\Order Details.exe | Code function: 0_2_00007FFD9B8B42B8
Source: C:\Users\user\Desktop\Order Details.exe | Code function: 0_2_00007FFD9B8A1608
Source: C:\Users\user\Desktop\Order Details.exe | Code function: 0_2_00007FFD9B8AB631
Source: C:\Users\user\Desktop\Order Details.exe | Code function: 0_2_00007FFD9B8A5D98
Source: C:\Users\user\Desktop\Order Details.exe | Code function: 0_2_00007FFD9B8AB1A9
Source: C:\Users\user\Desktop\Order Details.exe | Code function: 0_2_00007FFD9B8AE1CD
Source: C:\Users\user\Desktop\Order Details.exe | Code function: 0_2_00007FFD9B970050
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_013D6108
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_013DC190
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_013DF007
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_013DB328
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_013D9540
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_013DC470
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_013DC752
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_013D6880
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_013DBBD2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_013DCA32
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_013D4AD9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_013DBEB0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_013DE528
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_013DE517
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_013D3572
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_013DB4F2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BE8460
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BEC648
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BE3870
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BE7B70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BEBD98
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BE7D90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BEBD88
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BE0D60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BEED60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BEED50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BE0D51
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BEE4B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BE04A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BEE4A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BE0490
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BEB4E8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BEB4D7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BEDC00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BED7A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BED798
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BECEF8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BECEEB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BEC638
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BEF610
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BEF600
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BEF1B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BE11B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BEF1A9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BEC1F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BEC1E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BE11C0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BEB930
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BEE908
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BE0900
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BEB940
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BEE8F8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BE08F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BE0006
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BE3860
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BEE058
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BEE04B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BE0040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BEDBF1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BE73E8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BED350
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BED340
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BECAA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BECA90
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BEFA68
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BEFA59
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06ACB6E8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06AC8608
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06ACD670
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06ACAA58
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06ACC388
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06AC8BF2
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06ACB0A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06ACD028
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06ACA408
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06AC11A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06ACC9D8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06ACBD38
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06AC5EB8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06AC5EC8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06ACB6D9
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06AC560B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06AC8603
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06AC5618
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06AC5A60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06ACD661
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06AC5A70
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06ACAA53
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06AC33A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06AC33B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06ACA3F8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06AC6BC1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06AC6BD0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06AC6320
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06AC3730
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06AC6313
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06AC676B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06AC6778
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06ACC378
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06AC74A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06AC28B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06ACB08F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06AC0488
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06AC0498
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06AC7497
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06AC08E0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06AC08F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06AC78F0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06AC4430
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06AC2809
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06AC0006
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06AC2807
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06ACD018
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06AC7049
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06AC0040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06AC7050
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06AC81A0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06AC81B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06AC518F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06AC5198
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06AC1191
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06ACC9C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06ACBD28
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06AC0D39
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06AC7900
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06AC0D48
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06AC7D48
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_06AC7D58
Source: C:\Users\user\Desktop\Order Details.exe | Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6836 -s 1020
Source: Order Details.exe | Static PE information: No import functions for PE file found
Source: Order Details.exe, 00000000.00000002.1809623845.00000256902FB000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameEjejiqosijL vs Order Details.exe
Source: Order Details.exe, 00000000.00000002.1811313731.00000256F0940000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameEjejiqosijL vs Order Details.exe
Source: Order Details.exe, 00000000.00000000.1633940477.00000256EEDB2000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameUsiluqiqadB vs Order Details.exe
Source: Order Details.exe, 00000000.00000002.1809623845.0000025690127000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs Order Details.exe
Source: Order Details.exe, 00000000.00000002.1809623845.0000025690127000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameEjejiqosijL vs Order Details.exe
Source: Order Details.exe | Binary or memory string: OriginalFilenameUsiluqiqadB vs Order Details.exe
Source: 0.2.Order Details.exe.256901bd028.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.Order Details.exe.256901bd028.0.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.Order Details.exe.256901bd028.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.Order Details.exe.256901bd028.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.Order Details.exe.256901dda70.1.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.Order Details.exe.256901dda70.1.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.Order Details.exe.256901dda70.1.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.Order Details.exe.256901dda70.1.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.Order Details.exe.256901dda70.1.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.Order Details.exe.256901dda70.1.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.Order Details.exe.256901dda70.1.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.Order Details.exe.256901dda70.1.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 0.2.Order Details.exe.256901bd028.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 0.2.Order Details.exe.256901bd028.0.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.Order Details.exe.256901bd028.0.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
Source: 0.2.Order Details.exe.256901bd028.0.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000001.00000002.4087508064.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000001.00000002.4087508064.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: 00000000.00000002.1809623845.0000025690127000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: 00000000.00000002.1809623845.0000025690127000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: Process Memory Space: Order Details.exe PID: 6836, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: Order Details.exe PID: 6836, type: MEMORYSTR | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
Source: Process Memory Space: RegSvcs.exe PID: 6976, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
Source: Process Memory Space: RegSvcs.exe PID: 6976, type: MEMORYSTR | Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
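The Yara hits above (the summary list under System Summary and the rule-metadata list here) repeat the same rule names across unpacked PEs, memory dumps and process memory. For triage the interesting part is where a hit landed: the MEMORY hit for RegSvcs.exe (process index 1) sits at 0x402000, and the dump name carries the fields 00000040 and 00020000, which read as PAGE_EXECUTE_READWRITE private memory at a typical .NET image base. That is what a PE written into a hollowed host looks like, and it matches the "Injects a PE file into a foreign processes" verdict at the head of this report. The Python script below is an added example and is not part of the Joe Sandbox report or its tooling: it parses lines in the form shown on this page into (source, type, rule, author) records, decodes .sdmp dump names, and flags hits that fall in writable-and-executable private memory. The .sdmp field layout (process index, dump index, dump id, base address, page protection, two further fields, allocation type) is an assumption inferred from the names on this page, not taken from Joe Sandbox documentation; the hex constants are the documented Win32 values. The input lines are copied from this report and hard-coded so the script runs offline.

```python
"""Added example (not from the Joe Sandbox report): parse "Matched rule"
lines and decode .sdmp dump names to find Yara hits in RWX private memory.
ASSUMPTION: the .sdmp field layout below is inferred from the names on
this page; only the Win32 constants are documented values."""
import re
from collections import defaultdict

# Constructed input: four lines copied from this report.  The first keeps the
# fused "UNPACKEDPEMatched" form the page extraction produced, to show the
# parser tolerates both that and the "|"-separated form.
REPORT_LINES = [
    "Source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown",
    "Source: 00000001.00000002.4087508064.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown",
    "Source: 00000000.00000002.1809623845.0000025690127000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: MALWARE_Win_SnakeKeylogger Author: ditekSHen",
    "Source: Process Memory Space: RegSvcs.exe PID: 6976, type: MEMORYSTR | Matched rule: MALWARE_Win_SnakeKeylogger Author: ditekSHen",
]

LINE_RE = re.compile(
    r"^Source: (?P<source>.+?), type: (?P<type>[A-Z]+)\s*\|?\s*"
    r"Matched rule: (?P<rule>\S+)\s+Author: (?P<author>.+?)\s*$"
)
# ASSUMED layout: proc.dump.dump_id.base.protect.field6.mem_type.field8.sdmp
SDMP_RE = re.compile(
    r"^(?P<proc>[0-9A-F]{8})\.(?P<dump>[0-9A-F]{8})\.(?P<dump_id>\d+)\.(?P<base>[0-9A-F]{16})"
    r"\.(?P<protect>[0-9A-F]{8})\.(?P<field6>[0-9A-F]{8})\.(?P<mem_type>[0-9A-F]{8})\.(?P<field8>[0-9A-F]{8})\.sdmp$",
    re.IGNORECASE,
)

# Documented Win32 memory constants (winnt.h).
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
MEM_PRIVATE = 0x20000
MEM_IMAGE = 0x1000000


def decode_region(name):
    """Decode a .sdmp dump name into its region attributes; None if it is
    not a dump name (e.g. an .unpack or 'Process Memory Space' source)."""
    m = SDMP_RE.match(name)
    if not m:
        return None
    return {
        "process_index": int(m["proc"], 16),
        "base": int(m["base"], 16),
        "protect": int(m["protect"], 16),
        "mem_type": int(m["mem_type"], 16),
    }


def is_rwx_private(region):
    """Writable+executable memory that is not a mapped image: where a
    manually written PE (process hollowing, reflective loading) lives."""
    return (region["protect"] in (PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY)
            and region["mem_type"] == MEM_PRIVATE)


def parse_hit(line):
    """One report line -> dict with source, type, rule, author, region."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    hit = m.groupdict()
    hit["region"] = decode_region(hit["source"])
    return hit


def summarize(lines):
    """Group distinct sources per rule and list hits in RWX private memory
    as (rule, process_index, base) tuples."""
    by_rule = defaultdict(set)
    injected = []
    for line in lines:
        hit = parse_hit(line)
        if hit is None:
            continue
        by_rule[hit["rule"]].add(hit["source"])
        region = hit["region"]
        if region and is_rwx_private(region):
            injected.append((hit["rule"], region["process_index"], region["base"]))
    return dict(by_rule), injected


if __name__ == "__main__":
    rules, injected = summarize(REPORT_LINES)
    for rule, sources in sorted(rules.items()):
        print(f"{rule}: {len(sources)} distinct source(s)")
    for rule, proc, base in injected:
        print(f"RWX private hit: {rule} in process #{proc} at 0x{base:X}")
```

Run against the four lines it prints one RWX private hit, for process #1 at 0x402000, which is the RegSvcs.exe region the report's own "1.2.RegSvcs.exe.400000.0.unpack" line was carved from. The Order Details.exe hit at 0x25690127000 is in PAGE_READWRITE heap and is not flagged; that is the decrypted payload before injection, which the head of the report attributes to the "Allocates memory in foreign processes" and "Writes to foreign memory regions" steps.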
            Source: 0.2.Order Details.exe.256901bd028.0.raw.unpack, --.csCryptographic APIs: 'TransformFinalBlock'
            Source: 0.2.Order Details.exe.256901bd028.0.raw.unpack, --.csCryptographic APIs: 'TransformFinalBlock'
            Source: 0.2.Order Details.exe.256901bd028.0.raw.unpack, ----.csCryptographic APIs: 'TransformFinalBlock'
            Source: 0.2.Order Details.exe.256901bd028.0.raw.unpack, ----.csCryptographic APIs: 'TransformFinalBlock'
            Source: 0.2.Order Details.exe.256901dda70.1.raw.unpack, --.csCryptographic APIs: 'TransformFinalBlock'
            Source: 0.2.Order Details.exe.256901dda70.1.raw.unpack, --.csCryptographic APIs: 'TransformFinalBlock'
            Source: 0.2.Order Details.exe.256901dda70.1.raw.unpack, ----.csCryptographic APIs: 'TransformFinalBlock'
            Source: 0.2.Order Details.exe.256901dda70.1.raw.unpack, ----.csCryptographic APIs: 'TransformFinalBlock'
            Source: classification engine; Classification label: mal100.troj.spyw.expl.evad.winEXE@6/5@2/2
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Mutant created: NULL
            Source: C:\Windows\System32\WerFault.exe; Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6836
            Source: C:\Windows\System32\WerFault.exe; File created: C:\ProgramData\Microsoft\Windows\WER\Temp\d81cd5a7-e947-47e5-b25d-1731c70e8231
            Source: Order Details.exe; Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\Order Details.exe; Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: RegSvcs.exe, 00000001.00000002.4089979880.0000000003249000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.0000000003257000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.0000000003239000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: Order Details.exe; ReversingLabs: Detection: 47%
            Source: Order Details.exe; Virustotal: Detection: 44%
            Source: C:\Users\user\Desktop\Order Details.exe; File read: C:\Users\user\Desktop\Order Details.exe
            Source: unknown; Process created: C:\Users\user\Desktop\Order Details.exe "C:\Users\user\Desktop\Order Details.exe"
            Source: C:\Users\user\Desktop\Order Details.exe; Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe"
            Source: C:\Users\user\Desktop\Order Details.exe; Process created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 6836 -s 1020
            Source: C:\Users\user\Desktop\Order Details.exe; Section loaded: mscoree.dll
            Source: C:\Users\user\Desktop\Order Details.exe; Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\Order Details.exe; Section loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\Order Details.exe; Section loaded: version.dll
            Source: C:\Users\user\Desktop\Order Details.exe; Section loaded: vcruntime140_clr0400.dll
            Source: C:\Users\user\Desktop\Order Details.exe; Section loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\Desktop\Order Details.exe; Section loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\Order Details.exe; Section loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\Order Details.exe; Section loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\Order Details.exe; Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\Order Details.exe; Section loaded: amsi.dll
            Source: C:\Users\user\Desktop\Order Details.exe; Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\Order Details.exe; Section loaded: profapi.dll
            Source: C:\Users\user\Desktop\Order Details.exe; Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\Order Details.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
            Source: C:\Users\user\Desktop\Order Details.exe; File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
            Source: Order Details.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: Order Details.exe; Static file information: File size 1170592 > 1048576
            Source: Order Details.exe; Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Order Details.exe; Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: Microsoft.VisualBasic.ni.pdb source: WERB9AC.tmp.dmp.5.dr
            Source: Binary string: mscorlib.pdb source: WERB9AC.tmp.dmp.5.dr
            Source: Binary string: System.ni.pdbRSDS source: WERB9AC.tmp.dmp.5.dr
            Source: Binary string: mscorlib.ni.pdb source: WERB9AC.tmp.dmp.5.dr
            Source: Binary string: System.Core.pdb source: WERB9AC.tmp.dmp.5.dr
            Source: Binary string: mscorlib.ni.pdbRSDS7^3l source: WERB9AC.tmp.dmp.5.dr
            Source: Binary string: System.pdbp source: WERB9AC.tmp.dmp.5.dr
            Source: Binary string: Microsoft.VisualBasic.ni.pdbRSDS& source: WERB9AC.tmp.dmp.5.dr
            Source: Binary string: System.ni.pdb source: WERB9AC.tmp.dmp.5.dr
            Source: Binary string: System.pdb source: WERB9AC.tmp.dmp.5.dr
            Source: Binary string: System.Core.ni.pdbRSDS source: WERB9AC.tmp.dmp.5.dr
            Source: Binary string: Microsoft.VisualBasic.pdb source: WERB9AC.tmp.dmp.5.dr
            Source: Binary string: System.Core.ni.pdb source: WERB9AC.tmp.dmp.5.dr
            Source: Order Details.exe; Static PE information: 0x840105AF [Tue Mar 6 15:11:43 2040 UTC]
            Source: C:\Users\user\Desktop\Order Details.exe; Code function: 0_2_00007FFD9B8A77F3 pushad ; retf 0_2_00007FFD9B8A789D
            Source: C:\Users\user\Desktop\Order Details.exe; Code function: 0_2_00007FFD9B8A789E push eax; retf 0_2_00007FFD9B8A78AD
            Source: C:\Users\user\Desktop\Order Details.exe; Code function: 0_2_00007FFD9B970050 push esp; retf 4810h 0_2_00007FFD9B970312
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Code function: 1_2_05BE2E78 push esp; iretd 1_2_05BE2E79
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Code function: 1_2_05BE2840 push esp; retf 1_2_05BE2AC9
            Source: C:\Users\user\Desktop\Order Details.exe; Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\System32\WerFault.exe; Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
            Source: C:\Windows\System32\WerFault.exe; Process information set: NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: Yara match; File source: Process Memory Space: Order Details.exe PID: 6836, type: MEMORYSTR
            Source: Order Details.exe, 00000000.00000002.1809258786.0000025680037000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: WINE_GET_UNIX_FILE_NAME
            Source: Order Details.exe, 00000000.00000002.1809258786.0000025680037000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: SBIEDLL.DLL
            Source: C:\Users\user\Desktop\Order Details.exe; Memory allocated: 256EF0E0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\Order Details.exe; Memory allocated: 256F0A80000 memory reserve | memory write watch
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 922337203685477
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 600000
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 599875
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 599765
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 599656
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 599547
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 599437
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 599328
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 599218
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 599108
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 599000
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 598838
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 598719
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 598609
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 598500
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 598390
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 598281
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 598171
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 598062
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 597953
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 597843
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 597733
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 597622
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 597513
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 597390
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 597281
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 597172
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 597062
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 596953
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 596844
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 596734
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 596625
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 596513
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 596390
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 596281
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 596172
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 596062
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 595953
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 595843
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 595734
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 595625
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 595515
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 595405
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 595297
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 595187
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 595078
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 594968
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 594859
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 594750
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 594640
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Thread delayed: delay time: 594531
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Window / User API: threadDelayed 7594
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe; Window / User API: threadDelayed 2261
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 598062Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 597953Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 597843Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 597733Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 597622Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 597513Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 597390Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 597281Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 597172Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 597062Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 596953Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 596844Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 596734Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 596625Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 596513Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 596390Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 596281Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 596172Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 596062Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 595953Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 595843Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 595734Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 595625Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 595515Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 595405Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 595297Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 595187Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 595078Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 594968Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 594859Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 594750Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 594640Jump to behavior
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread delayed: delay time: 594531Jump to behavior
            Source: Amcache.hve.5.dr | Binary or memory string: VMware
            Source: Amcache.hve.5.dr | Binary or memory string: VMware Virtual USB Mouse
            Source: Amcache.hve.5.dr | Binary or memory string: vmci.syshbin
            Source: Amcache.hve.5.dr | Binary or memory string: VMware, Inc.
            Source: Order Details.exe, 00000000.00000002.1809258786.0000025680037000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
            Source: Amcache.hve.5.dr | Binary or memory string: VMware20,1hbin@
            Source: Amcache.hve.5.dr | Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
            Source: Amcache.hve.5.dr | Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
            Source: Amcache.hve.5.dr | Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
            Source: Amcache.hve.5.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
            Source: Order Details.exe, 00000000.00000002.1809258786.0000025680037000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMWARE
            Source: Order Details.exe, 00000000.00000002.1809258786.0000025680037000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\'C:\WINDOWS\system32\drivers\vmmouse.sys&C:\WINDOWS\system32\drivers\vmhgfs.sys
            Source: Amcache.hve.5.dr | Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
            Source: Order Details.exe, 00000000.00000002.1809258786.0000025680037000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
            Source: Order Details.exe, 00000000.00000002.1809258786.0000025680037000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: VMware SVGA II
            Source: Amcache.hve.5.dr | Binary or memory string: c:/windows/system32/drivers/vmci.sys
            Source: Amcache.hve.5.dr | Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
            Source: RegSvcs.exe, 00000001.00000002.4089673487.0000000001498000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: Amcache.hve.5.dr | Binary or memory string: vmci.sys
            Source: Amcache.hve.5.dr | Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
            Source: Order Details.exe, 00000000.00000002.1809258786.0000025680037000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: C:\WINDOWS\system32\drivers\vmmouse.sys
            Source: Amcache.hve.5.dr | Binary or memory string: vmci.syshbin`
            Source: Order Details.exe, 00000000.00000002.1809258786.0000025680037000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: vmware
            Source: Amcache.hve.5.dr | Binary or memory string: \driver\vmci,\driver\pci
            Source: Order Details.exe, 00000000.00000002.1809258786.0000025680037000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: C:\WINDOWS\system32\drivers\vmhgfs.sys
            Source: Order Details.exe, 00000000.00000002.1809258786.0000025680037000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
            Source: Amcache.hve.5.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
            Source: Amcache.hve.5.dr | Binary or memory string: VMware20,1
            Source: Amcache.hve.5.dr | Binary or memory string: Microsoft Hyper-V Generation Counter
            Source: Amcache.hve.5.dr | Binary or memory string: NECVMWar VMware SATA CD00
            Source: Amcache.hve.5.dr | Binary or memory string: VMware Virtual disk SCSI Disk Device
            Source: Amcache.hve.5.dr | Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
            Source: Amcache.hve.5.dr | Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
            Source: Amcache.hve.5.dr | Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
            Source: Amcache.hve.5.dr | Binary or memory string: VMware PCI VMCI Bus Device
            Source: Order Details.exe, 00000000.00000002.1809258786.0000025680037000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: noValueButYesKey)C:\WINDOWS\system32\drivers\VBoxMouse.sys
            Source: Order Details.exe, 00000000.00000002.1809258786.0000025680037000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: C:\WINDOWS\system32\drivers\VBoxMouse.sys
            Source: Amcache.hve.5.dr | Binary or memory string: VMware VMCI Bus Device
            Source: Amcache.hve.5.dr | Binary or memory string: VMware Virtual RAM
            Source: Amcache.hve.5.dr | Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
            Source: Amcache.hve.5.dr | Binary or memory string: vmci.inf_amd64_68ed49469341f563
            Source: C:\Users\user\Desktop\Order Details.exe | Process queried: DebugPort
            Source: C:\Users\user\Desktop\Order Details.exe | Process queried: DebugPort
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_05BE7B70 LdrInitializeThunk,1_2_05BE7B70
            Source: C:\Users\user\Desktop\Order Details.exe | Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Users\user\Desktop\Order Details.exe | Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 protect: page execute and read and write
            Source: C:\Users\user\Desktop\Order Details.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 value starts with: 4D5A
            Source: C:\Users\user\Desktop\Order Details.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000
            Source: C:\Users\user\Desktop\Order Details.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 402000
            Source: C:\Users\user\Desktop\Order Details.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 422000
            Source: C:\Users\user\Desktop\Order Details.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 424000
            Source: C:\Users\user\Desktop\Order Details.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: FB3008
            Source: C:\Users\user\Desktop\Order Details.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe"
            Source: C:\Users\user\Desktop\Order Details.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe"
            Source: C:\Users\user\Desktop\Order Details.exe | Queries volume information: C:\Users\user\Desktop\Order Details.exe VolumeInformation
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe VolumeInformation
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
            Source: C:\Users\user\Desktop\Order Details.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
            Source: Amcache.hve.5.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
            Source: Amcache.hve.5.dr | Binary or memory string: msmpeng.exe
            Source: Amcache.hve.5.dr | Binary or memory string: c:\program files\windows defender\msmpeng.exe
            Source: Amcache.hve.5.dr | Binary or memory string: MsMpEng.exe

            Stealing of Sensitive Information

            Source: Yara match | File source: 0.2.Order Details.exe.256901bd028.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 0.2.Order Details.exe.256901dda70.1.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 0.2.Order Details.exe.256901dda70.1.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 0.2.Order Details.exe.256901bd028.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 00000001.00000002.4087508064.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000001.00000002.4089979880.00000000031CC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000000.00000002.1809623845.0000025690127000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000001.00000002.4089979880.0000000003001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: Process Memory Space: Order Details.exe PID: 6836, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: RegSvcs.exe PID: 6976, type: MEMORYSTR
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
            Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
            Source: Yara match | File source: 0.2.Order Details.exe.256901bd028.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 0.2.Order Details.exe.256901dda70.1.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 0.2.Order Details.exe.256901dda70.1.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 0.2.Order Details.exe.256901bd028.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 00000001.00000002.4087508064.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000000.00000002.1809623845.0000025690127000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: Process Memory Space: Order Details.exe PID: 6836, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: RegSvcs.exe PID: 6976, type: MEMORYSTR

            Remote Access Functionality

            Source: Yara match | File source: 0.2.Order Details.exe.256901bd028.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 0.2.Order Details.exe.256901dda70.1.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 0.2.Order Details.exe.256901dda70.1.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 0.2.Order Details.exe.256901bd028.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 00000001.00000002.4087508064.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000001.00000002.4089979880.00000000031CC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000000.00000002.1809623845.0000025690127000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000001.00000002.4089979880.0000000003001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: Process Memory Space: Order Details.exe PID: 6836, type: MEMORYSTR
            Source: Yara match | File source: Process Memory Space: RegSvcs.exe PID: 6976, type: MEMORYSTR
            MITRE ATT&CK Matrix (one line per tactic column; the number that preceded a technique in the original matrix cell is kept in parentheses)

            Reconnaissance: Gather Victim Identity Information, Credentials, Email Addresses, Employee Names, Gather Victim Network Information, Domain Properties, DNS
            Resource Development: Acquire Infrastructure, Domains, DNS Server, Virtual Private Server, Server, Botnet, Web Services
            Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts, Cloud Accounts, Replication Through Removable Media, External Remote Services
            Execution: Windows Management Instrumentation, Scheduled Task/Job, At, Cron, Launchd, Scheduled Task, Systemd Timers
            Persistence: DLL Side-Loading (1), Boot or Logon Initialization Scripts, Logon Script (Windows), Login Hook, Network Logon Script, RC Scripts, Startup Items
            Privilege Escalation: Process Injection (311), DLL Side-Loading (1), Logon Script (Windows), Login Hook, Network Logon Script, RC Scripts, Startup Items
            Defense Evasion: Disable or Modify Tools (1), Virtualization/Sandbox Evasion (31), Process Injection (311), Deobfuscate/Decode Files or Information (1), Obfuscated Files or Information (2), Timestomp (1), DLL Side-Loading (1)
            Credential Access: OS Credential Dumping (1), LSASS Memory, Security Account Manager, NTDS, LSA Secrets, Cached Domain Credentials, DCSync
            Discovery: Security Software Discovery (121), Virtualization/Sandbox Evasion (31), Application Window Discovery (1), System Network Configuration Discovery (1), System Information Discovery (13), Wi-Fi Discovery, Remote System Discovery
            Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model, SSH, VNC, Windows Remote Management
            Collection: Email Collection (1), Archive Collected Data (11), Data from Local System (1), Input Capture, Keylogging, GUI Input Capture, Web Portal Capture
            Command and Control: Encrypted Channel (11), Ingress Tool Transfer (1), Non-Application Layer Protocol (2), Application Layer Protocol (13), Fallback Channels, Multiband Communication, Commonly Used Port
            Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Traffic Duplication, Scheduled Transfer, Data Transfer Size Limits, Exfiltration Over C2 Channel
            Impact: Abuse Accessibility Features, Network Denial of Service, Data Encrypted for Impact, Data Destruction, Data Encrypted for Impact, Service Stop, Inhibit System Recovery
            Source | Detection | Scanner | Label | Link
            Order Details.exe | 47% | ReversingLabs | ByteCode-MSIL.Trojan.SpyNoon |
            Order Details.exe | 45% | Virustotal | | Browse
            Order Details.exe | 100% | Joe Sandbox ML | |
            No Antivirus matches
            No Antivirus matches
            Source | Detection | Scanner | Label | Link
            reallyfreegeoip.org | 0% | Virustotal | | Browse
            checkip.dyndns.com | 0% | Virustotal | | Browse
            checkip.dyndns.org | 1% | Virustotal | | Browse
            Source | Detection | Scanner | Label | Link
            http://upx.sf.net | 0% | URL Reputation | safe |
            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe |
            https://reallyfreegeoip.org | 0% | Avira URL Cloud | safe |
            http://checkip.dyndns.org/ | 0% | Avira URL Cloud | safe |
            http://checkip.dyndns.com | 0% | Avira URL Cloud | safe |
            http://checkip.dyndns.org | 0% | Avira URL Cloud | safe |
            https://reallyfreegeoip.org/xml/8.46.123.33 | 0% | Avira URL Cloud | safe |
            http://checkip.dyndns.com | 0% | Virustotal | | Browse
            http://checkip.dyndns.org/ | 1% | Virustotal | | Browse
            https://reallyfreegeoip.org | 0% | Virustotal | | Browse
            https://reallyfreegeoip.org/xml/8.46.123.33$ | 0% | Avira URL Cloud | safe |
            http://checkip.dyndns.org/q | 0% | Avira URL Cloud | safe |
            http://reallyfreegeoip.org | 0% | Avira URL Cloud | safe |
            https://reallyfreegeoip.org/xml/ | 0% | Avira URL Cloud | safe |
            http://reallyfreegeoip.org | 0% | Virustotal | | Browse
            http://checkip.dyndns.org | 1% | Virustotal | | Browse
            http://checkip.dyndns.org/q | 0% | Virustotal | | Browse
            https://reallyfreegeoip.org/xml/ | 0% | Virustotal | | Browse
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            reallyfreegeoip.org | 188.114.97.3 | true | true | | unknown
            checkip.dyndns.com | 132.226.247.73 | true | false | | unknown
            checkip.dyndns.org | unknown | unknown | true | | unknown
            Name | Malicious | Antivirus Detection | Reputation
            http://checkip.dyndns.org/ | false | 1%, Virustotal, Browse; Avira URL Cloud: safe | unknown
            https://reallyfreegeoip.org/xml/8.46.123.33 | false | Avira URL Cloud: safe | unknown
            Name | Source | Malicious | Antivirus Detection | Reputation
            https://reallyfreegeoip.org | RegSvcs.exe, 00000001.00000002.4089979880.000000000315A000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.00000000031AF000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.0000000003167000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.0000000003182000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.0000000003109000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.00000000030C6000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.00000000031BE000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.0000000003174000.00000004.00000800.00020000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
            http://upx.sf.net | Amcache.hve.5.dr | false | URL Reputation: safe | unknown
            http://checkip.dyndns.org | RegSvcs.exe, 00000001.00000002.4089979880.000000000315A000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.00000000030B4000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.00000000031AF000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.0000000003167000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.0000000003182000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.0000000003109000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.00000000030C6000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.00000000031BE000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.0000000003174000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.0000000003190000.00000004.00000800.00020000.00000000.sdmp | false | 1%, Virustotal, Browse; Avira URL Cloud: safe | unknown
            http://checkip.dyndns.com | RegSvcs.exe, 00000001.00000002.4089979880.000000000315A000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.00000000031AF000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.0000000003167000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.0000000003182000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.00000000030C6000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.00000000031BE000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.0000000003174000.00000004.00000800.00020000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
            https://reallyfreegeoip.org/xml/8.46.123.33$ | RegSvcs.exe, 00000001.00000002.4089979880.000000000315A000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.00000000031AF000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.0000000003167000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.0000000003182000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.0000000003109000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.00000000031BE000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.0000000003174000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | RegSvcs.exe, 00000001.00000002.4089979880.0000000003001000.00000004.00000800.00020000.00000000.sdmp | false | URL Reputation: safe | unknown
            http://checkip.dyndns.org/q | Order Details.exe, 00000000.00000002.1809623845.0000025690127000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4087508064.0000000000402000.00000040.00000400.00020000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
            http://reallyfreegeoip.org | RegSvcs.exe, 00000001.00000002.4089979880.000000000315A000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.00000000031AF000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.0000000003167000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.0000000003182000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.00000000031BE000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.0000000003174000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.00000000030DF000.00000004.00000800.00020000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
            https://reallyfreegeoip.org/xml/ | Order Details.exe, 00000000.00000002.1809623845.0000025690127000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4089979880.00000000030C6000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4087508064.0000000000402000.00000040.00000400.00020000.00000000.sdmp | false | 0%, Virustotal, Browse; Avira URL Cloud: safe | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
188.114.97.3 | reallyfreegeoip.org | European Union | 13335 | CLOUDFLARENETUS | true
132.226.247.73 | checkip.dyndns.com | United States | 16989 | UTMEMUS | false
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1464862
Start date and time: 2024-06-30 17:14:05 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 30s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 11
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Order Details.exe
Detection: MAL
Classification: mal100.troj.spyw.expl.evad.winEXE@6/5@2/2
EGA Information:
• Successful, ratio: 50%
HCA Information:
• Successful, ratio: 90%
• Number of executed functions: 210
• Number of non-executed functions: 48
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 20.189.173.22
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus17.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target Order Details.exe, PID 6836 because it is empty
• Not all processes were analyzed; the report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information
• Report size getting too big, too many NtOpenKeyEx calls found
• Report size getting too big, too many NtQueryValueKey calls found
• Report size getting too big, too many NtReadVirtualMemory calls found
• Report size getting too big, too many NtSetInformationFile calls found
Time | Type | Description
11:14:58 | API Interceptor | 12542514x Sleep call for process: RegSvcs.exe modified
11:15:10 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
188.114.97.3 | BbaXbvOA7D.exe | malicious | DCRat, PureLog Stealer, zgRAT | 228282cm.nyashka.top/ExternalimagevmRequestlongpollsqldbLocal.php
188.114.97.3 | j05KsN2280.exe | malicious | DCRat, PureLog Stealer, zgRAT | 640740cm.nyashka.top/providerEternalGameWindowstest.php
188.114.97.3 | QUOTATION_JUNQTRA031244#U00faPDF.scr.exe | malicious | AgentTesla, PureLog Stealer | filetransfer.io/data-package/L69kvhYI/download
188.114.97.3 | Techno_PO LV12406-00311.xla.xlsx | malicious | Unknown | qr-in.com/cpGHnqq
188.114.97.3 | QUOTATION_JUNQTRA031244#U0652PDF.scr.exe | malicious | AgentTesla, PureLog Stealer | filetransfer.io/data-package/Txmfx0A2/download
188.114.97.3 | RITS Ref 3379-06.exe | malicious | FormBook | www.ad14.fun/az6h/
188.114.97.3 | QUOTATION_JUNQTRA031244#U00faPDF.scr.exe | malicious | Unknown | filetransfer.io/data-package/khvbX8Pe/download
188.114.97.3 | QUOTATION_JUNQTRA031244#U00faPDF.scr.exe | malicious | Unknown | filetransfer.io/data-package/khvbX8Pe/download
188.114.97.3 | NGL 3200-Phase 2- Strainer.exe | malicious | FormBook | www.ad14.fun/az6h/
188.114.97.3 | IMG_05831_0172.exe | malicious | Azorult, PureLog Stealer | hqt3.shop/PL341/index.php
132.226.247.73 | itinerary_1719382117.exe | malicious | Snake Keylogger | checkip.dyndns.org/
132.226.247.73 | Halkbank_Ekstre_20240625_082306_910668.bat.exe | malicious | Snake Keylogger | checkip.dyndns.org/
132.226.247.73 | 242010.exe | malicious | Snake Keylogger | checkip.dyndns.org/
132.226.247.73 | Baltic questionnaire.exe | malicious | Snake Keylogger | checkip.dyndns.org/
132.226.247.73 | SecuriteInfo.com.TrojanLoader.MSIL.DaVinci.Heur.23220.28486.exe | malicious | Snake Keylogger | checkip.dyndns.org/
132.226.247.73 | SecuriteInfo.com.Win32.TrojanX-gen.29327.20826.exe | malicious | Snake Keylogger | checkip.dyndns.org/
132.226.247.73 | CTM USD28600.exe | malicious | Snake Keylogger | checkip.dyndns.org/
132.226.247.73 | rGcsbax.exe | malicious | PureLog Stealer, Snake Keylogger | checkip.dyndns.org/
132.226.247.73 | CTM USD28600.exe | malicious | Snake Keylogger | checkip.dyndns.org/
132.226.247.73 | H63wbLUzEQ.exe | malicious | Snake Keylogger | checkip.dyndns.org/
Match | Associated Sample Name / URL | Detection | Threat Name | Context
reallyfreegeoip.org | new order.exe | malicious | Snake Keylogger | 188.114.96.3
reallyfreegeoip.org | LETTER OF AUTHORIZATION.exe | malicious | Snake Keylogger | 188.114.96.3
reallyfreegeoip.org | MT Marine Tiger.exe | malicious | Snake Keylogger | 188.114.97.3
reallyfreegeoip.org | vsl particulars packing list.exe | malicious | Snake Keylogger | 188.114.96.3
reallyfreegeoip.org | new order.exe | malicious | Snake Keylogger | 188.114.97.3
reallyfreegeoip.org | LETTER OF AUTHORIZATION.exe | malicious | Snake Keylogger | 188.114.97.3
reallyfreegeoip.org | IMG_2007_520073.exe | malicious | PureLog Stealer, Snake Keylogger | 188.114.96.3
reallyfreegeoip.org | PRODUCTS LIST.exe | malicious | Snake Keylogger | 188.114.96.3
reallyfreegeoip.org | PRODUCTS LIST.pdf.exe | malicious | Snake Keylogger | 188.114.96.3
reallyfreegeoip.org | z1MB267382625AE.exe | malicious | Snake Keylogger | 188.114.96.3
checkip.dyndns.com | new order.exe | malicious | Snake Keylogger | 158.101.44.242
checkip.dyndns.com | LETTER OF AUTHORIZATION.exe | malicious | Snake Keylogger | 132.226.8.169
checkip.dyndns.com | MT Marine Tiger.exe | malicious | Snake Keylogger | 158.101.44.242
checkip.dyndns.com | vsl particulars packing list.exe | malicious | Snake Keylogger | 193.122.6.168
checkip.dyndns.com | new order.exe | malicious | Snake Keylogger | 193.122.6.168
checkip.dyndns.com | Order Details.exe | malicious | Snake Keylogger | 132.226.8.169
checkip.dyndns.com | LETTER OF AUTHORIZATION.exe | malicious | Snake Keylogger | 193.122.130.0
checkip.dyndns.com | IMG_2007_520073.exe | malicious | PureLog Stealer, Snake Keylogger | 158.101.44.242
checkip.dyndns.com | Find-DscResource_QoS.ps1 | malicious | Unknown | 132.226.8.169
checkip.dyndns.com | PRODUCTS LIST.exe | malicious | Snake Keylogger | 158.101.44.242
Match | Associated Sample Name / URL | Detection | Threat Name | Context
CLOUDFLARENETUS | BbaXbvOA7D.exe | malicious | DCRat, PureLog Stealer, zgRAT | 188.114.97.3
CLOUDFLARENETUS | new order.exe | malicious | Snake Keylogger | 188.114.96.3
CLOUDFLARENETUS | LETTER OF AUTHORIZATION.exe | malicious | Snake Keylogger | 188.114.96.3
CLOUDFLARENETUS | cL7A9wGE3w.exe | malicious | DCRat, PureLog Stealer, zgRAT | 188.114.96.3
CLOUDFLARENETUS | https://bit.ly/3RPGSFw?lBj=IgAqyyGiOF?ehd=cNhnM3Ug7I | malicious | Unknown | 188.114.97.3
CLOUDFLARENETUS | a.exe | malicious | Unknown | 104.16.184.241
CLOUDFLARENETUS | exe | malicious | Unknown | 172.67.159.30
CLOUDFLARENETUS | https://fhdqc8.fi59.fdske.com/ec/gAAAAABmfF3sPeQKBD_Act5bCCrkUMkGrd87GXE85ptSvU0h8H9S97li_YZ1W2sNi71P90U8x627NEH6e-kCa62tjlvXVsamrSGp1TAMFtfgRydM8D-QFp4rxbgAeEilnkMUdRVDSB2T_2Qfh0hQuA2S3kIGAGxxOhLGRZlimak4HvWAhPpr3cGXO1dkFMRkycppPQIWKMCxf7zn-Sf2FKVlkV3bIiKpv65JecmpKmv7K1YnibkbTtyYKjzM0RBpe8SGtfO5gpSHLvPTYqZjsrGpeXbXcWmlaR9PZhWomJ586b1OeF7psyrkOXu7PHMFbYVK6t7rkfnsF9FVAXEF_z9qYdd6yq7sZRqhCkgEwDqZaPg8lBDqiVI04is9Ux1ckCdi1zoggbpZr_i4tJ1iUVNzVnpUh4z0GQ== | malicious | HTMLPhisher | 104.17.2.184
CLOUDFLARENETUS | https://carsales.au1.documents.adobe.com/public/esign?tsid=CBFCIBAACBSCTBABDUAAABACAABAAfnb-qPSyZecO9B5ZfywmNLbpLvp031ot7ln8fPgu7eWwZ19_ZPQHTOqDMGxjirJcrmCsSaiIDmPdIRas_zn4z1go8wNiaf6T7KGdMemdAI87j-2cWRTSM8MgKsIEHUt-& | malicious | Unknown | 162.247.243.29
CLOUDFLARENETUS | j05KsN2280.exe | malicious | DCRat, PureLog Stealer, zgRAT | 188.114.97.3
UTMEMUS | LETTER OF AUTHORIZATION.exe | malicious | Snake Keylogger | 132.226.8.169
UTMEMUS | Order Details.exe | malicious | Snake Keylogger | 132.226.8.169
UTMEMUS | Find-DscResource_QoS.ps1 | malicious | Unknown | 132.226.8.169
UTMEMUS | LEpsypIZxU.elf | malicious | Mirai, Moobot | 128.169.91.82
UTMEMUS | itinerary_1719382117.exe | malicious | Snake Keylogger | 132.226.247.73
UTMEMUS | Halkbank_Ekstre_20240625_082306_910668.bat.exe | malicious | Snake Keylogger | 132.226.247.73
UTMEMUS | 242010.exe | malicious | Snake Keylogger | 132.226.247.73
UTMEMUS | MT STENA IMPRESSION Vessel Particulars.exe | malicious | Snake Keylogger | 132.226.8.169
UTMEMUS | Baltic questionnaire.exe | malicious | Snake Keylogger | 132.226.247.73
UTMEMUS | SecuriteInfo.com.TrojanLoader.MSIL.DaVinci.Heur.23220.28486.exe | malicious | Snake Keylogger | 132.226.247.73
Match | Associated Sample Name / URL | Detection | Threat Name | Context
54328bd36c14bd82ddaa0c04b25ed9ad | new order.exe | malicious | Snake Keylogger | 188.114.97.3
54328bd36c14bd82ddaa0c04b25ed9ad | LETTER OF AUTHORIZATION.exe | malicious | Snake Keylogger | 188.114.97.3
54328bd36c14bd82ddaa0c04b25ed9ad | MT Marine Tiger.exe | malicious | Snake Keylogger | 188.114.97.3
54328bd36c14bd82ddaa0c04b25ed9ad | vsl particulars packing list.exe | malicious | Snake Keylogger | 188.114.97.3
54328bd36c14bd82ddaa0c04b25ed9ad | new order.exe | malicious | Snake Keylogger | 188.114.97.3
54328bd36c14bd82ddaa0c04b25ed9ad | LETTER OF AUTHORIZATION.exe | malicious | Snake Keylogger | 188.114.97.3
54328bd36c14bd82ddaa0c04b25ed9ad | IMG_2007_520073.exe | malicious | PureLog Stealer, Snake Keylogger | 188.114.97.3
54328bd36c14bd82ddaa0c04b25ed9ad | 30 - 3050324.scr.exe | malicious | Remcos | 188.114.97.3
54328bd36c14bd82ddaa0c04b25ed9ad | PRODUCTS LIST.exe | malicious | Snake Keylogger | 188.114.97.3
54328bd36c14bd82ddaa0c04b25ed9ad | PRODUCTS LIST.pdf.exe | malicious | Snake Keylogger | 188.114.97.3
            No context
Process: C:\Windows\System32\WerFault.exe
File Type: Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category: dropped
Size (bytes): 65536
Entropy (8bit): 0.9977283849752264
Encrypted: false
SSDEEP: 96:agFWdOeYsBmqboNy/qhGQXIDcQqc6jcEOcw3W3+BHUHZ0ownOgFkEwH3d2FYAKcb:PGOeYT50UnU1aWB9fCzuiFqZ24lO8x
MD5: DBD16D5362813DDD32043984EDDA005A
SHA1: 031427D87305E5B0413650BD8AB657210EE4070B
SHA-256: C12CACB65F7CF93D5F48CEA6E72ED662CFBCC096E589D5CC7BDEB3BEBE6133FB
SHA-512: D8243E03338C91D34EAAAF579D914256435B9418B00F5B77EB59771DDC9A5E16CEEDE73CEA798DD497B1163148E6FE121D02612AA9B1AB5FC3BA6045A5C0E833
Malicious: false
Reputation: low
            Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.4.2.3.4.0.9.3.9.2.2.9.5.9.9.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.4.2.3.4.0.9.4.9.6.9.8.3.5.3.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.6.d.7.5.9.6.c.0.-.b.8.b.6.-.4.1.6.a.-.b.e.3.8.-.8.8.4.c.b.1.d.5.9.b.f.7.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.1.8.f.4.b.8.3.-.4.0.f.2.-.4.7.f.b.-.b.4.1.1.-.6.e.9.4.f.9.1.6.6.4.b.8.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.O.r.d.e.r. .D.e.t.a.i.l.s...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.U.s.i.l.u.q.i.q.a.d.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.a.b.4.-.0.0.0.1.-.0.0.1.4.-.e.a.5.1.-.e.d.4.1.0.0.c.b.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.f.2.1.3.d.f.2.b.d.2.3.1.1.3.a.8.f.7.5.2.b.5.b.9.1.1.6.e.7.b.f.8.0.0.0.0.0.0.0.0.!.0.0.0.0.d.5.7.c.9.0.1.7.e.2.c.b.d.b.5.8.9.c.2.6.9.8.d.8.9.9.e.e.7.f.9.0.6.3.e.3.5.1.4.2.!.O.r.d.e.r. .D.e.t.
Process: C:\Windows\System32\WerFault.exe
File Type: Mini DuMP crash report, 16 streams, Sun Jun 30 15:14:54 2024, 0x1205a4 type
Category: dropped
Size (bytes): 384897
Entropy (8bit): 3.2812206526945844
Encrypted: false
SSDEEP: 3072:vV0vCzK2G7JnHDkzd40JyPhcSHl1CCq/p9u3+v008R:vqvN97V+SpdqB83QJ8
MD5: 9B596BE29FC5D87DE76FD31BA1902E2C
SHA1: 83C0323B3BED445483EF0E9B65B34A2C76C30471
SHA-256: 59B81DD8B657FF526BD856A42BA92AEBCBD712E35D017F3F61FBB5BD80CF3B0F
SHA-512: E6AA5C42EA9D2876ECB99EB20C1B7469F592C2588789994B0C7855DA90914EF520EFDD0BCAF45A2C75922452047BF886F3FF6DF9BF6BB1B7586F60E1F1F69FAE
Malicious: false
Reputation: low
            Preview:MDMP..a..... .......nv.f....................................$.......................dD..^s..........l.......8...........T...........`(..!...........\6..........H8..............................................................................eJ.......8......Lw......................T...........lv.f.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...........................................................................................................................................................................................................................................................................................................................................................................................................................
Process: C:\Windows\System32\WerFault.exe
File Type: XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category: dropped
Size (bytes): 8610
Entropy (8bit): 3.710796941476304
Encrypted: false
SSDEEP: 192:R6l7wVeJIDCX6Y9oGxTfgmfC6JTpr+89bLgs4fWZm:R6lXJIGX6YiGxTfgmfCiJLgbfZ
MD5: 53B0AB9FABC775B109E927CBCEB9EB5B
SHA1: 813DD37E56652593B1D7D100FA4A2340F7583900
SHA-256: DEF7E6FB3EE60569F53A90D2EBB67082305DA8C276882432B670F64C431138F1
SHA-512: B6AADEE5CBF9DB7DB24415D4B3437C950429617C1A0BF6D5377137B96168F18F43F192A7207030721FD992E3786808C14D03E76791D8B762A00BDD2663C93B88
Malicious: false
Reputation: low
            Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.8.3.6.<./.P.i.
Process: C:\Windows\System32\WerFault.exe
File Type: XML 1.0 document, ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 4775
Entropy (8bit): 4.504052753785976
Encrypted: false
SSDEEP: 48:cvIwWl8zsEJg771I9YLWpW8VYcYm8M4JmAFZMkyq85txibM1LsK5d:uIjfCI7n67VkJvyibM1LsK5d
MD5: F2999F5A3DA6E4E470C5DDEFBA437B86
SHA1: C542F355F500EDE264A37EA143774426D4D81C88
SHA-256: 3879C94F2F1F67D0F1A061CC1C27714993EC1DA7B6361A654B08CBB2A423C3D2
SHA-512: CB06B460436605CAE6BED295E42B5412AA8D2775D4E1EB0F7A67AB94E1E34C704A47CEB175050F5A0D3F8E2B994CE828C8DF788D0416826A5C2AB26FD3AFB376
Malicious: false
Reputation: low
            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="390617" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
Process: C:\Windows\System32\WerFault.exe
File Type: MS Windows registry file, NT/2000 or above
Category: dropped
Size (bytes): 1835008
Entropy (8bit): 4.466006107662499
Encrypted: false
SSDEEP: 6144:9IXfpi67eLPU9skLmb0b40WSPKaJG8nAgejZMMhA2gX4WABl0uNFdwBCswSbN:uXD940WlLZMM6YFHb+N
MD5: CC4E39E74E4A853C3490FBCFDD21C8C4
SHA1: 1C4835D907D028F5B5DB96FA591A44C95522178B
SHA-256: F8578355039A35F19528AD1E6A39E88D7670817392B90FF0765C105A2655BAA0
SHA-512: CCD97993814A3CD91F5039A22C8A1FBA029FBBB468522ABDA083AF31B5468980F98DCC3AD99FF97D06218552A99891900B2C80ADE896E53682CBD9A003A62E2E
Malicious: false
Reputation: low
            Preview:regf6...6....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm>0.B.................................................................................................................................................................................................................................................................................................................................................a.v........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
File type: PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
Entropy (8bit): 5.86448692771438
TrID:
• Win64 Executable GUI (202006/5) 92.65%
• Win64 Executable (generic) (12005/4) 5.51%
• Generic Win/DOS Executable (2004/3) 0.92%
• DOS Executable Generic (2002/1) 0.92%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: Order Details.exe
File size: 1'170'592 bytes
MD5: 65e2a9349c75ee34280992ed2e7aa548
SHA1: d57c9017e2cbdb589c2698d899ee7f9063e35142
SHA256: 552e61ad619a32a252b5a7e52dfee9aff417040e147e34bf0111e3f89dc433aa
SHA512: c9e75dc48d42b67cada4b0e91123439c39d1609f241c40e39b0e7461befc1f9016e1c0e13f4046f9c3556284e5ff7befbd810c1bdf48fa7744fe510678c07796
SSDEEP: 12288:7fioXCFj7X9WyhW9f1hL5JyqPY3dhaGIUZo6Pku:eoX4tWb1Jy/hvhK6Pt
TLSH: 08451296B1970E17FE525830C0FABAF261FD1E6732F8B11FEF291C11428913CA5A4972
            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................."...0..4............... ....@...... ....................................`................................
Icon Hash: 90cececece8e8eb0
Entrypoint: 0x400000
Entrypoint Section:
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp: 0x840105AF [Tue Mar 6 15:11:43 2040 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash:
            Instruction
            dec ebp
            pop edx
            nop
            add byte ptr [ebx], al
            add byte ptr [eax], al
            add byte ptr [eax+eax], al
            add byte ptr [eax], al
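Two details of the header block above are worth reproducing by hand. The Time Stamp 0x840105AF decodes to 6 March 2040, later than the analysis date, which is the kind of value a "suspicious time stamp" check fires on. And the Entrypoint equals the Imagebase (0x400000) with an empty Entrypoint Section, meaning AddressOfEntryPoint is 0, as is normal for a pure-IL .NET image: the "dec ebp / pop edx / nop" listing is simply the DOS header bytes 4D 5A 90 00 03 00 00 00 04 00 00 00 ("MZ"), not code. The following is an added example, not part of the Joe Sandbox report or of the sample: it parses those fields out of a PE header and classifies the timestamp against the analysis start time. The header bytes are a constructed minimal PE32+ stub carrying the report's values (not bytes of Order Details.exe), and the one-day slack is this example's choice. Caveat for .NET binaries: Roslyn's deterministic builds store a content hash with the high bit set in TimeDateStamp instead of a real build time, so a future date there can be a compiler artifact rather than tampering and should be weighed with the other findings rather than on its own.

```python
import struct
from datetime import datetime, timedelta, timezone


def parse_pe_header(data):
    """Pull TimeDateStamp, AddressOfEntryPoint and ImageBase out of a PE image
    (PE32 and PE32+ are both handled)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsections, timestamp = struct.unpack_from("<HHI", data, e_lfanew + 4)
    opt = e_lfanew + 24                      # 4-byte signature + 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    if magic == 0x20B:                       # PE32+: 64-bit ImageBase at +24
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    elif magic == 0x10B:                     # PE32: BaseOfData at +24, 32-bit ImageBase at +28
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    return {"machine": machine, "sections": nsections, "timestamp": timestamp,
            "entry_rva": entry_rva, "image_base": image_base}


def timestamp_verdict(timestamp, analysis_time, slack=timedelta(days=1)):
    """Decode TimeDateStamp (seconds since the Unix epoch) and compare it with the
    time the sample was analysed. The one-day slack is an assumption of this example."""
    built = datetime.fromtimestamp(timestamp, tz=timezone.utc)
    if built > analysis_time + slack:
        return built, "future"
    if built.year < 1995:
        return built, "implausibly old"
    return built, "plausible"


def entrypoint_note(info):
    """Explain what a disassembler shows at the reported entry point."""
    if info["entry_rva"] == 0:
        return ("AddressOfEntryPoint is 0: no native entry point (pure-IL .NET image); "
                "disassembling at ImageBase shows the DOS header 'MZ' (4D 5A = dec ebp / pop edx), not code")
    return "native entry point at 0x%x" % (info["image_base"] + info["entry_rva"])


def build_stub(timestamp, entry_rva, image_base):
    """Constructed minimal PE32+ header carrying the given values; not the sample's bytes."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                      # e_lfanew -> PE signature at 0x40
    coff = struct.pack("<4sHHIIIHH", b"PE\0\0", 0x8664, 2, timestamp, 0, 0, 240, 0x22)
    opt = struct.pack("<HBBIIIIIQ", 0x20B, 48, 0, 0x3600, 0xC00, 0, entry_rva, 0x2000, image_base)
    return bytes(dos) + coff + opt.ljust(240, b"\0")


# Values from the report: Time Stamp 0x840105AF, Entrypoint 0x400000 == Imagebase 0x400000,
# analysis start 2024-06-30 17:14:05 +02:00 (15:14:05 UTC).
SAMPLE_HEADER = build_stub(0x840105AF, 0, 0x400000)
ANALYSIS_TIME = datetime(2024, 6, 30, 15, 14, 5, tzinfo=timezone.utc)


def analyze(data=SAMPLE_HEADER, analysis_time=ANALYSIS_TIME):
    info = parse_pe_header(data)
    built, verdict = timestamp_verdict(info["timestamp"], analysis_time)
    return {**info, "built": built, "verdict": verdict, "entrypoint": entrypoint_note(info)}


if __name__ == "__main__":
    for key, value in analyze().items():
        print("%11s: %s" % (key, value))
```

Run against a real file, `parse_pe_header(open(path, "rb").read())` gives the same dictionary; the stub only exists so the check can be exercised without the sample.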
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6000 | 0xa7c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x5472 | 0x1c | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2000 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x348e | 0x3600 | 8bd465a19b83ee31e11166defc133add | False | 0.6351996527777778 | data | 6.114967319530224 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x6000 | 0xa7c | 0xc00 | 2c54a8c5457bb92e34b67bcc204d342f | False | 0.2721354166666667 | data | 4.390347394933058 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0x60b8 | 0x3ec | data | | | 0.4800796812749004
RT_VERSION | 0x64a4 | 0x3ec | data | English | United States | 0.4800796812749004
RT_MANIFEST | 0x6890 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
Language of compilation system | Country where language is spoken
English | United States
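The TCP packet list that follows is the raw timeline, one row per segment, with the sandbox at 192.168.2.4 talking to 132.226.247.73 (checkip.dyndns.com) on port 80 and to 188.114.97.3 (reallyfreegeoip.org) on port 443. Read as flows rather than packets it shows the sample fetching its public IP over plain HTTP, then asking the geolocation service about that IP over TLS (the https://reallyfreegeoip.org/xml/<ip> URL seen in the RegSvcs.exe memory dumps), and repeating the pair on fresh client ports. The following is an added example, not part of the Joe Sandbox report or of the sample: it reconstructs client-side flows from a handful of rows copied from that list (constructed input; the full list is much longer) and checks for the echo-then-geolocate order. The IP-to-name map comes from the report's IP/domain table; the role labels "ip-echo" and "geoip" and the SANDBOX_IP constant are this example's own assumptions.

```python
import re
from collections import OrderedDict
from datetime import datetime

# Constructed input: a subset of rows from this report's TCP packet list, in the columns
# Joe Sandbox prints (timestamp, source port, dest port, source IP, dest IP).
PACKET_ROWS = """\
Jun 30, 2024 17:14:54.499954939 CEST | 49731 | 80 | 192.168.2.4 | 132.226.247.73
Jun 30, 2024 17:14:54.504869938 CEST | 80 | 49731 | 132.226.247.73 | 192.168.2.4
Jun 30, 2024 17:14:57.485394001 CEST | 80 | 49731 | 132.226.247.73 | 192.168.2.4
Jun 30, 2024 17:14:57.871407032 CEST | 49733 | 443 | 192.168.2.4 | 188.114.97.3
Jun 30, 2024 17:14:57.871442080 CEST | 443 | 49733 | 188.114.97.3 | 192.168.2.4
Jun 30, 2024 17:14:58.564388037 CEST | 443 | 49733 | 188.114.97.3 | 192.168.2.4
Jun 30, 2024 17:14:58.571280956 CEST | 49733 | 443 | 192.168.2.4 | 188.114.97.3
Jun 30, 2024 17:14:59.018394947 CEST | 49735 | 443 | 192.168.2.4 | 188.114.97.3
Jun 30, 2024 17:14:59.910140038 CEST | 49735 | 443 | 192.168.2.4 | 188.114.97.3
Jun 30, 2024 17:14:59.914974928 CEST | 49738 | 80 | 192.168.2.4 | 132.226.247.73
Jun 30, 2024 17:15:00.786710978 CEST | 80 | 49738 | 132.226.247.73 | 192.168.2.4
Jun 30, 2024 17:15:00.787966013 CEST | 49740 | 443 | 192.168.2.4 | 188.114.97.3
Jun 30, 2024 17:15:01.394855976 CEST | 49740 | 443 | 192.168.2.4 | 188.114.97.3
"""

SANDBOX_IP = "192.168.2.4"   # assumption: the analysis VM's address in this report
# Resolution from the report's IP/domain table; the role labels are this example's own.
RESOLVED = {"132.226.247.73": "checkip.dyndns.com", "188.114.97.3": "reallyfreegeoip.org"}
ROLES = {"checkip.dyndns.com": "ip-echo", "reallyfreegeoip.org": "geoip"}

_TS = re.compile(r"^(\w{3} \d{1,2}, \d{4} \d{2}:\d{2}:\d{2})\.(\d+) \w+$")


def parse_rows(text):
    """Turn the printed rows into dicts with a datetime and integer ports."""
    packets = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, sport, dport, sip, dip = [c.strip() for c in line.split("|")]
        m = _TS.match(ts)
        if not m:
            raise ValueError("unparsable timestamp: %r" % ts)
        when = datetime.strptime(m.group(1), "%b %d, %Y %H:%M:%S")
        when = when.replace(microsecond=int(m.group(2)[:6].ljust(6, "0")))  # ns -> us
        packets.append({"when": when, "sport": int(sport), "dport": int(dport),
                        "sip": sip, "dip": dip})
    return packets


def reconstruct_flows(packets, client_ip=SANDBOX_IP):
    """Group packets into client-side flows keyed by (client port, server IP, server port),
    in order of first appearance, counting packets in each direction."""
    flows = OrderedDict()
    for p in packets:
        if p["sip"] == client_ip:
            key, direction = (p["sport"], p["dip"], p["dport"]), "out"
        else:
            key, direction = (p["dport"], p["sip"], p["sport"]), "in"
        f = flows.setdefault(key, {"first": p["when"], "last": p["when"], "out": 0, "in": 0})
        f["last"] = max(f["last"], p["when"])
        f[direction] += 1
        f["duration_s"] = (f["last"] - f["first"]).total_seconds()
    return flows


def flow_sequence(flows, resolved=RESOLVED):
    """Ordered list of (server name or IP, server port), one entry per flow."""
    return [(resolved.get(ip, ip), port) for (_cport, ip, port) in flows]


def geo_check_pattern(sequence, roles=ROLES):
    """True when the client first contacts an IP-echo service and later a geolocation
    service: the public-IP-then-country lookup this report's network traffic shows."""
    role_seq = [roles.get(name) for name, _port in sequence]
    if "ip-echo" not in role_seq:
        return False
    first_echo = role_seq.index("ip-echo")
    return "geoip" in role_seq[first_echo + 1:]


if __name__ == "__main__":
    flows = reconstruct_flows(parse_rows(PACKET_ROWS))
    for (cport, ip, port), f in flows.items():
        print("%5d -> %s:%-4d out=%d in=%d %.3fs" % (
            cport, RESOLVED.get(ip, ip), port, f["out"], f["in"], f["duration_s"]))
    print("IP-echo then geolocation lookup:", geo_check_pattern(flow_sequence(flows)))
```

On a full capture the same grouping turns a few hundred rows into a short ordered list of server endpoints, which is what you want to compare against the URLs recovered from memory.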
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jun 30, 2024 17:14:54.499954939 CEST | 49731 | 80 | 192.168.2.4 | 132.226.247.73
Jun 30, 2024 17:14:54.504869938 CEST | 80 | 49731 | 132.226.247.73 | 192.168.2.4
Jun 30, 2024 17:14:54.504947901 CEST | 49731 | 80 | 192.168.2.4 | 132.226.247.73
Jun 30, 2024 17:14:54.505137920 CEST | 49731 | 80 | 192.168.2.4 | 132.226.247.73
Jun 30, 2024 17:14:54.510329962 CEST | 80 | 49731 | 132.226.247.73 | 192.168.2.4
Jun 30, 2024 17:14:55.329866886 CEST | 80 | 49731 | 132.226.247.73 | 192.168.2.4
Jun 30, 2024 17:14:55.375973940 CEST | 49731 | 80 | 192.168.2.4 | 132.226.247.73
Jun 30, 2024 17:14:55.597003937 CEST | 49731 | 80 | 192.168.2.4 | 132.226.247.73
Jun 30, 2024 17:14:55.909534931 CEST | 49731 | 80 | 192.168.2.4 | 132.226.247.73
Jun 30, 2024 17:14:56.414688110 CEST | 80 | 49731 | 132.226.247.73 | 192.168.2.4
Jun 30, 2024 17:14:56.414866924 CEST | 49731 | 80 | 192.168.2.4 | 132.226.247.73
Jun 30, 2024 17:14:56.518883944 CEST | 49731 | 80 | 192.168.2.4 | 132.226.247.73
Jun 30, 2024 17:14:57.485394001 CEST | 80 | 49731 | 132.226.247.73 | 192.168.2.4
Jun 30, 2024 17:14:57.485467911 CEST | 49731 | 80 | 192.168.2.4 | 132.226.247.73
Jun 30, 2024 17:14:57.488096952 CEST | 80 | 49731 | 132.226.247.73 | 192.168.2.4
Jun 30, 2024 17:14:57.488141060 CEST | 49731 | 80 | 192.168.2.4 | 132.226.247.73
Jun 30, 2024 17:14:57.490314007 CEST | 80 | 49731 | 132.226.247.73 | 192.168.2.4
Jun 30, 2024 17:14:57.490365982 CEST | 49731 | 80 | 192.168.2.4 | 132.226.247.73
Jun 30, 2024 17:14:57.490597963 CEST | 80 | 49731 | 132.226.247.73 | 192.168.2.4
Jun 30, 2024 17:14:57.490607977 CEST | 80 | 49731 | 132.226.247.73 | 192.168.2.4
Jun 30, 2024 17:14:57.490616083 CEST | 80 | 49731 | 132.226.247.73 | 192.168.2.4
Jun 30, 2024 17:14:57.490623951 CEST | 80 | 49731 | 132.226.247.73 | 192.168.2.4
Jun 30, 2024 17:14:57.704346895 CEST | 80 | 49731 | 132.226.247.73 | 192.168.2.4
Jun 30, 2024 17:14:57.753266096 CEST | 49731 | 80 | 192.168.2.4 | 132.226.247.73
Jun 30, 2024 17:14:57.871407032 CEST | 49733 | 443 | 192.168.2.4 | 188.114.97.3
Jun 30, 2024 17:14:57.871442080 CEST | 443 | 49733 | 188.114.97.3 | 192.168.2.4
Jun 30, 2024 17:14:57.871505022 CEST | 49733 | 443 | 192.168.2.4 | 188.114.97.3
Jun 30, 2024 17:14:57.877315044 CEST | 49733 | 443 | 192.168.2.4 | 188.114.97.3
Jun 30, 2024 17:14:57.877331972 CEST | 443 | 49733 | 188.114.97.3 | 192.168.2.4
Jun 30, 2024 17:14:58.398123026 CEST | 443 | 49733 | 188.114.97.3 | 192.168.2.4
Jun 30, 2024 17:14:58.398243904 CEST | 49733 | 443 | 192.168.2.4 | 188.114.97.3
Jun 30, 2024 17:14:58.404139042 CEST | 49733 | 443 | 192.168.2.4 | 188.114.97.3
Jun 30, 2024 17:14:58.404148102 CEST | 443 | 49733 | 188.114.97.3 | 192.168.2.4
Jun 30, 2024 17:14:58.404669046 CEST | 443 | 49733 | 188.114.97.3 | 192.168.2.4
Jun 30, 2024 17:14:58.441529989 CEST | 49733 | 443 | 192.168.2.4 | 188.114.97.3
Jun 30, 2024 17:14:58.484535933 CEST | 443 | 49733 | 188.114.97.3 | 192.168.2.4
Jun 30, 2024 17:14:58.564114094 CEST | 443 | 49733 | 188.114.97.3 | 192.168.2.4
Jun 30, 2024 17:14:58.564388037 CEST | 443 | 49733 | 188.114.97.3 | 192.168.2.4
Jun 30, 2024 17:14:58.564450979 CEST | 49733 | 443 | 192.168.2.4 | 188.114.97.3
Jun 30, 2024 17:14:58.571280956 CEST | 49733 | 443 | 192.168.2.4 | 188.114.97.3
Jun 30, 2024 17:14:58.574218988 CEST | 49731 | 80 | 192.168.2.4 | 132.226.247.73
Jun 30, 2024 17:14:58.579430103 CEST | 80 | 49731 | 132.226.247.73 | 192.168.2.4
Jun 30, 2024 17:14:59.015006065 CEST | 80 | 49731 | 132.226.247.73 | 192.168.2.4
Jun 30, 2024 17:14:59.016525984 CEST | 80 | 49731 | 132.226.247.73 | 192.168.2.4
Jun 30, 2024 17:14:59.016573906 CEST | 49731 | 80 | 192.168.2.4 | 132.226.247.73
Jun 30, 2024 17:14:59.018394947 CEST | 49735 | 443 | 192.168.2.4 | 188.114.97.3
Jun 30, 2024 17:14:59.018429041 CEST | 443 | 49735 | 188.114.97.3 | 192.168.2.4
Jun 30, 2024 17:14:59.018481970 CEST | 49735 | 443 | 192.168.2.4 | 188.114.97.3
Jun 30, 2024 17:14:59.018757105 CEST | 49735 | 443 | 192.168.2.4 | 188.114.97.3
Jun 30, 2024 17:14:59.018769979 CEST | 443 | 49735 | 188.114.97.3 | 192.168.2.4
Jun 30, 2024 17:14:59.496247053 CEST | 443 | 49735 | 188.114.97.3 | 192.168.2.4
Jun 30, 2024 17:14:59.503072023 CEST | 49735 | 443 | 192.168.2.4 | 188.114.97.3
Jun 30, 2024 17:14:59.503091097 CEST | 443 | 49735 | 188.114.97.3 | 192.168.2.4
Jun 30, 2024 17:14:59.909477949 CEST | 443 | 49735 | 188.114.97.3 | 192.168.2.4
Jun 30, 2024 17:14:59.909738064 CEST | 443 | 49735 | 188.114.97.3 | 192.168.2.4
Jun 30, 2024 17:14:59.909797907 CEST | 49735 | 443 | 192.168.2.4 | 188.114.97.3
Jun 30, 2024 17:14:59.910140038 CEST | 49735 | 443 | 192.168.2.4 | 188.114.97.3
Jun 30, 2024 17:14:59.913966894 CEST | 49731 | 80 | 192.168.2.4 | 132.226.247.73
Jun 30, 2024 17:14:59.914974928 CEST | 49738 | 80 | 192.168.2.4 | 132.226.247.73
Jun 30, 2024 17:14:59.922239065 CEST | 80 | 49738 | 132.226.247.73 | 192.168.2.4
Jun 30, 2024 17:14:59.922310114 CEST | 49738 | 80 | 192.168.2.4 | 132.226.247.73
Jun 30, 2024 17:14:59.922424078 CEST | 49738 | 80 | 192.168.2.4 | 132.226.247.73
Jun 30, 2024 17:14:59.925920010 CEST | 80 | 49731 | 132.226.247.73 | 192.168.2.4
Jun 30, 2024 17:14:59.925971031 CEST | 49731 | 80 | 192.168.2.4 | 132.226.247.73
Jun 30, 2024 17:14:59.927248001 CEST | 80 | 49738 | 132.226.247.73 | 192.168.2.4
Jun 30, 2024 17:15:00.786710978 CEST | 80 | 49738 | 132.226.247.73 | 192.168.2.4
Jun 30, 2024 17:15:00.787966013 CEST | 49740 | 443 | 192.168.2.4 | 188.114.97.3
Jun 30, 2024 17:15:00.787996054 CEST | 443 | 49740 | 188.114.97.3 | 192.168.2.4
Jun 30, 2024 17:15:00.788053989 CEST | 49740 | 443 | 192.168.2.4 | 188.114.97.3
Jun 30, 2024 17:15:00.788266897 CEST | 49740 | 443 | 192.168.2.4 | 188.114.97.3
Jun 30, 2024 17:15:00.788280010 CEST | 443 | 49740 | 188.114.97.3 | 192.168.2.4
Jun 30, 2024 17:15:00.831351995 CEST | 49738 | 80 | 192.168.2.4 | 132.226.247.73
Jun 30, 2024 17:15:01.262841940 CEST | 443 | 49740 | 188.114.97.3 | 192.168.2.4
Jun 30, 2024 17:15:01.269231081 CEST | 49740 | 443 | 192.168.2.4 | 188.114.97.3
Jun 30, 2024 17:15:01.269260883 CEST | 443 | 49740 | 188.114.97.3 | 192.168.2.4
Jun 30, 2024 17:15:01.393939972 CEST | 443 | 49740 | 188.114.97.3 | 192.168.2.4
Jun 30, 2024 17:15:01.394402981 CEST | 443 | 49740 | 188.114.97.3 | 192.168.2.4
Jun 30, 2024 17:15:01.394459009 CEST | 49740 | 443 | 192.168.2.4 | 188.114.97.3
Jun 30, 2024 17:15:01.394855976 CEST | 49740 | 443 | 192.168.2.4 | 188.114.97.3
Jun 30, 2024 17:15:01.397732973 CEST | 49738 | 80 | 192.168.2.4 | 132.226.247.73
Jun 30, 2024 17:15:01.398704052 CEST | 49741 | 80 | 192.168.2.4 | 132.226.247.73
Jun 30, 2024 17:15:01.403036118 CEST | 80 | 49738 | 132.226.247.73 | 192.168.2.4
Jun 30, 2024 17:15:01.403162956 CEST | 49738 | 80 | 192.168.2.4 | 132.226.247.73
Jun 30, 2024 17:15:01.403799057 CEST | 80 | 49741 | 132.226.247.73 | 192.168.2.4
Jun 30, 2024 17:15:01.403867960 CEST | 49741 | 80 | 192.168.2.4 | 132.226.247.73
Jun 30, 2024 17:15:01.404000998 CEST | 49741 | 80 | 192.168.2.4 | 132.226.247.73
Jun 30, 2024 17:15:01.408893108 CEST | 80 | 49741 | 132.226.247.73 | 192.168.2.4
Jun 30, 2024 17:15:09.874614954 CEST | 80 | 49741 | 132.226.247.73 | 192.168.2.4
Jun 30, 2024 17:15:09.875776052 CEST | 49747 | 443 | 192.168.2.4 | 188.114.97.3
Jun 30, 2024 17:15:09.875825882 CEST | 443 | 49747 | 188.114.97.3 | 192.168.2.4
Jun 30, 2024 17:15:09.875891924 CEST | 49747 | 443 | 192.168.2.4 | 188.114.97.3
Jun 30, 2024 17:15:09.876131058 CEST | 49747 | 443 | 192.168.2.4 | 188.114.97.3
Jun 30, 2024 17:15:09.876144886 CEST | 443 | 49747 | 188.114.97.3 | 192.168.2.4
Jun 30, 2024 17:15:09.925052881 CEST | 49741 | 80 | 192.168.2.4 | 132.226.247.73
Jun 30, 2024 17:15:10.369076014 CEST | 443 | 49747 | 188.114.97.3 | 192.168.2.4
Jun 30, 2024 17:15:10.379329920 CEST | 49747 | 443 | 192.168.2.4 | 188.114.97.3
Jun 30, 2024 17:15:10.379359961 CEST | 443 | 49747 | 188.114.97.3 | 192.168.2.4
Jun 30, 2024 17:15:10.523003101 CEST | 443 | 49747 | 188.114.97.3 | 192.168.2.4
Jun 30, 2024 17:15:10.523087025 CEST | 443 | 49747 | 188.114.97.3 | 192.168.2.4
Jun 30, 2024 17:15:10.523222923 CEST | 49747 | 443 | 192.168.2.4 | 188.114.97.3
Jun 30, 2024 17:15:10.523588896 CEST | 49747 | 443 | 192.168.2.4 | 188.114.97.3
Jun 30, 2024 17:15:10.526361942 CEST | 49741 | 80 | 192.168.2.4 | 132.226.247.73
Jun 30, 2024 17:15:10.527384996 CEST | 49749 | 80 | 192.168.2.4 | 132.226.247.73
Jun 30, 2024 17:15:10.532193899 CEST | 80 | 49741 | 132.226.247.73 | 192.168.2.4
Jun 30, 2024 17:15:10.532205105 CEST | 80 | 49749 | 132.226.247.73 | 192.168.2.4
Jun 30, 2024 17:15:10.532257080 CEST | 49741 | 80 | 192.168.2.4 | 132.226.247.73
Jun 30, 2024 17:15:10.532315016 CEST | 49749 | 80 | 192.168.2.4 | 132.226.247.73
Jun 30, 2024 17:15:10.532398939 CEST | 49749 | 80 | 192.168.2.4 | 132.226.247.73
Jun 30, 2024 17:15:10.537241936 CEST | 80 | 49749 | 132.226.247.73 | 192.168.2.4
            Jun 30, 2024 17:15:11.208267927 CEST8049749132.226.247.73192.168.2.4
            Jun 30, 2024 17:15:11.209316015 CEST49750443192.168.2.4188.114.97.3
            Jun 30, 2024 17:15:11.209362984 CEST44349750188.114.97.3192.168.2.4
            Jun 30, 2024 17:15:11.209430933 CEST49750443192.168.2.4188.114.97.3
            Jun 30, 2024 17:15:11.209733009 CEST49750443192.168.2.4188.114.97.3
            Jun 30, 2024 17:15:11.209745884 CEST44349750188.114.97.3192.168.2.4
            Jun 30, 2024 17:15:11.253160000 CEST4974980192.168.2.4132.226.247.73
            Jun 30, 2024 17:15:11.716442108 CEST44349750188.114.97.3192.168.2.4
            Jun 30, 2024 17:15:11.718210936 CEST49750443192.168.2.4188.114.97.3
            Jun 30, 2024 17:15:11.718240976 CEST44349750188.114.97.3192.168.2.4
            Jun 30, 2024 17:15:11.846434116 CEST44349750188.114.97.3192.168.2.4
            Jun 30, 2024 17:15:11.846528053 CEST44349750188.114.97.3192.168.2.4
            Jun 30, 2024 17:15:11.846657038 CEST49750443192.168.2.4188.114.97.3
            Jun 30, 2024 17:15:11.847316027 CEST49750443192.168.2.4188.114.97.3
            Jun 30, 2024 17:15:11.859282017 CEST4975180192.168.2.4132.226.247.73
            Jun 30, 2024 17:15:11.864357948 CEST8049751132.226.247.73192.168.2.4
            Jun 30, 2024 17:15:11.864444971 CEST4975180192.168.2.4132.226.247.73
            Jun 30, 2024 17:15:11.864548922 CEST4975180192.168.2.4132.226.247.73
            Jun 30, 2024 17:15:11.870085955 CEST8049751132.226.247.73192.168.2.4
            Jun 30, 2024 17:15:12.569753885 CEST8049751132.226.247.73192.168.2.4
            Jun 30, 2024 17:15:12.571201086 CEST49753443192.168.2.4188.114.97.3
            Jun 30, 2024 17:15:12.571263075 CEST44349753188.114.97.3192.168.2.4
            Jun 30, 2024 17:15:12.571397066 CEST49753443192.168.2.4188.114.97.3
            Jun 30, 2024 17:15:12.571671963 CEST49753443192.168.2.4188.114.97.3
            Jun 30, 2024 17:15:12.571685076 CEST44349753188.114.97.3192.168.2.4
            Jun 30, 2024 17:15:12.612525940 CEST4975180192.168.2.4132.226.247.73
            Jun 30, 2024 17:15:13.040035963 CEST44349753188.114.97.3192.168.2.4
            Jun 30, 2024 17:15:13.041805029 CEST49753443192.168.2.4188.114.97.3
            Jun 30, 2024 17:15:13.041830063 CEST44349753188.114.97.3192.168.2.4
            Jun 30, 2024 17:15:13.189938068 CEST44349753188.114.97.3192.168.2.4
            Jun 30, 2024 17:15:13.190026999 CEST44349753188.114.97.3192.168.2.4
            Jun 30, 2024 17:15:13.190469027 CEST49753443192.168.2.4188.114.97.3
            Jun 30, 2024 17:15:13.190836906 CEST49753443192.168.2.4188.114.97.3
            Jun 30, 2024 17:15:13.244396925 CEST4975180192.168.2.4132.226.247.73
            Jun 30, 2024 17:15:13.246144056 CEST4975480192.168.2.4132.226.247.73
            Jun 30, 2024 17:15:13.249598980 CEST8049751132.226.247.73192.168.2.4
            Jun 30, 2024 17:15:13.249666929 CEST4975180192.168.2.4132.226.247.73
            Jun 30, 2024 17:15:13.251060963 CEST8049754132.226.247.73192.168.2.4
            Jun 30, 2024 17:15:13.251123905 CEST4975480192.168.2.4132.226.247.73
            Jun 30, 2024 17:15:13.251399994 CEST4975480192.168.2.4132.226.247.73
            Jun 30, 2024 17:15:13.256247044 CEST8049754132.226.247.73192.168.2.4
            Jun 30, 2024 17:15:13.927423954 CEST8049754132.226.247.73192.168.2.4
            Jun 30, 2024 17:15:13.928860903 CEST49755443192.168.2.4188.114.97.3
            Jun 30, 2024 17:15:13.928952932 CEST44349755188.114.97.3192.168.2.4
            Jun 30, 2024 17:15:13.929023027 CEST49755443192.168.2.4188.114.97.3
            Jun 30, 2024 17:15:13.929286003 CEST49755443192.168.2.4188.114.97.3
            Jun 30, 2024 17:15:13.929325104 CEST44349755188.114.97.3192.168.2.4
            Jun 30, 2024 17:15:13.971918106 CEST4975480192.168.2.4132.226.247.73
            Jun 30, 2024 17:15:14.403131962 CEST44349755188.114.97.3192.168.2.4
            Jun 30, 2024 17:15:14.404900074 CEST49755443192.168.2.4188.114.97.3
            Jun 30, 2024 17:15:14.404952049 CEST44349755188.114.97.3192.168.2.4
            Jun 30, 2024 17:15:14.545206070 CEST44349755188.114.97.3192.168.2.4
            Jun 30, 2024 17:15:14.545286894 CEST44349755188.114.97.3192.168.2.4
            Jun 30, 2024 17:15:14.545416117 CEST49755443192.168.2.4188.114.97.3
            Jun 30, 2024 17:15:14.545882940 CEST49755443192.168.2.4188.114.97.3
            Jun 30, 2024 17:15:14.549205065 CEST4975480192.168.2.4132.226.247.73
            Jun 30, 2024 17:15:14.550343037 CEST4975680192.168.2.4132.226.247.73
            Jun 30, 2024 17:15:14.554399967 CEST8049754132.226.247.73192.168.2.4
            Jun 30, 2024 17:15:14.555089951 CEST4975480192.168.2.4132.226.247.73
            Jun 30, 2024 17:15:14.555355072 CEST8049756132.226.247.73192.168.2.4
            Jun 30, 2024 17:15:14.555424929 CEST4975680192.168.2.4132.226.247.73
            Jun 30, 2024 17:15:14.555517912 CEST4975680192.168.2.4132.226.247.73
            Jun 30, 2024 17:15:14.560496092 CEST8049756132.226.247.73192.168.2.4
            Jun 30, 2024 17:15:15.234318018 CEST8049756132.226.247.73192.168.2.4
            Jun 30, 2024 17:15:15.236553907 CEST49757443192.168.2.4188.114.97.3
            Jun 30, 2024 17:15:15.236620903 CEST44349757188.114.97.3192.168.2.4
            Jun 30, 2024 17:15:15.236701965 CEST49757443192.168.2.4188.114.97.3
            Jun 30, 2024 17:15:15.236947060 CEST49757443192.168.2.4188.114.97.3
            Jun 30, 2024 17:15:15.236978054 CEST44349757188.114.97.3192.168.2.4
            Jun 30, 2024 17:15:15.284389973 CEST4975680192.168.2.4132.226.247.73
            Jun 30, 2024 17:15:15.744839907 CEST44349757188.114.97.3192.168.2.4
            Jun 30, 2024 17:15:15.746361017 CEST49757443192.168.2.4188.114.97.3
            Jun 30, 2024 17:15:15.746406078 CEST44349757188.114.97.3192.168.2.4
            Jun 30, 2024 17:15:15.876182079 CEST44349757188.114.97.3192.168.2.4
            Jun 30, 2024 17:15:15.876254082 CEST44349757188.114.97.3192.168.2.4
            Jun 30, 2024 17:15:15.876569986 CEST49757443192.168.2.4188.114.97.3
            Jun 30, 2024 17:15:15.876718998 CEST49757443192.168.2.4188.114.97.3
            Jun 30, 2024 17:16:16.208129883 CEST8049749132.226.247.73192.168.2.4
            Jun 30, 2024 17:16:16.210350037 CEST4974980192.168.2.4132.226.247.73
            Jun 30, 2024 17:16:20.233983040 CEST8049756132.226.247.73192.168.2.4
            Jun 30, 2024 17:16:20.234056950 CEST4975680192.168.2.4132.226.247.73
            Jun 30, 2024 17:16:55.240870953 CEST4975680192.168.2.4132.226.247.73
            Jun 30, 2024 17:16:55.248692989 CEST8049756132.226.247.73192.168.2.4
            Timestamp | Source Port | Dest Port | Source IP | Dest IP
            Jun 30, 2024 17:14:54.480103970 CEST | 52838 | 53 | 192.168.2.4 | 1.1.1.1
            Jun 30, 2024 17:14:54.488773108 CEST | 53 | 52838 | 1.1.1.1 | 192.168.2.4
            Jun 30, 2024 17:14:57.854355097 CEST | 49351 | 53 | 192.168.2.4 | 1.1.1.1
            Jun 30, 2024 17:14:57.870848894 CEST | 53 | 49351 | 1.1.1.1 | 192.168.2.4
            Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
            Jun 30, 2024 17:14:54.480103970 CEST | 192.168.2.4 | 1.1.1.1 | 0x8a14 | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
            Jun 30, 2024 17:14:57.854355097 CEST | 192.168.2.4 | 1.1.1.1 | 0x78c9 | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false
            Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
            Jun 30, 2024 17:14:54.488773108 CEST | 1.1.1.1 | 192.168.2.4 | 0x8a14 | No error (0) | checkip.dyndns.org | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false
            Jun 30, 2024 17:14:54.488773108 CEST | 1.1.1.1 | 192.168.2.4 | 0x8a14 | No error (0) | checkip.dyndns.com | | 132.226.247.73 | A (IP address) | IN (0x0001) | false
            Jun 30, 2024 17:14:54.488773108 CEST | 1.1.1.1 | 192.168.2.4 | 0x8a14 | No error (0) | checkip.dyndns.com | | 193.122.6.168 | A (IP address) | IN (0x0001) | false
            Jun 30, 2024 17:14:54.488773108 CEST | 1.1.1.1 | 192.168.2.4 | 0x8a14 | No error (0) | checkip.dyndns.com | | 132.226.8.169 | A (IP address) | IN (0x0001) | false
            Jun 30, 2024 17:14:54.488773108 CEST | 1.1.1.1 | 192.168.2.4 | 0x8a14 | No error (0) | checkip.dyndns.com | | 193.122.130.0 | A (IP address) | IN (0x0001) | false
            Jun 30, 2024 17:14:54.488773108 CEST | 1.1.1.1 | 192.168.2.4 | 0x8a14 | No error (0) | checkip.dyndns.com | | 158.101.44.242 | A (IP address) | IN (0x0001) | false
            Jun 30, 2024 17:14:57.870848894 CEST | 1.1.1.1 | 192.168.2.4 | 0x78c9 | No error (0) | reallyfreegeoip.org | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
            Jun 30, 2024 17:14:57.870848894 CEST | 1.1.1.1 | 192.168.2.4 | 0x78c9 | No error (0) | reallyfreegeoip.org | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
            • reallyfreegeoip.org
            • checkip.dyndns.org
            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            0 | 192.168.2.4 | 49731 | 132.226.247.73 | 80 | 6976 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
            Timestamp | Bytes transferred | Direction | Data
            Jun 30, 2024 17:14:54.505137920 CEST | 151 | OUT | GET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Connection: Keep-Alive
            Jun 30, 2024 17:14:55.329866886 CEST | 320 | IN | HTTP/1.1 200 OK
            Date: Sun, 30 Jun 2024 15:14:55 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: c02cca598192016e1017da7d88bc9fd8
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
            Jun 30, 2024 17:14:55.375973940 CEST | 127 | OUT | GET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Jun 30, 2024 17:14:55.597003937 CEST | 127 | OUT | GET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Jun 30, 2024 17:14:55.909534931 CEST | 127 | OUT | GET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Jun 30, 2024 17:14:56.414688110 CEST | 320 | IN | HTTP/1.1 200 OK
            Date: Sun, 30 Jun 2024 15:14:55 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: c02cca598192016e1017da7d88bc9fd8
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
            Jun 30, 2024 17:14:56.518883944 CEST | 127 | OUT | GET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Jun 30, 2024 17:14:57.485394001 CEST | 320 | IN | HTTP/1.1 200 OK
            Date: Sun, 30 Jun 2024 15:14:55 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: c02cca598192016e1017da7d88bc9fd8
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
            Jun 30, 2024 17:14:57.488096952 CEST | 320 | IN | HTTP/1.1 200 OK
            Date: Sun, 30 Jun 2024 15:14:55 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: c02cca598192016e1017da7d88bc9fd8
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
            Jun 30, 2024 17:14:57.490314007 CEST | 320 | IN | HTTP/1.1 200 OK
            Date: Sun, 30 Jun 2024 15:14:55 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: c02cca598192016e1017da7d88bc9fd8
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
            Jun 30, 2024 17:14:57.704346895 CEST | 320 | IN | HTTP/1.1 200 OK
            Date: Sun, 30 Jun 2024 15:14:57 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: 654a6a0f9c8f96d63cec6026143790a1
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
            Jun 30, 2024 17:14:58.574218988 CEST | 127 | OUT | GET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Jun 30, 2024 17:14:59.015006065 CEST | 320 | IN | HTTP/1.1 200 OK
            Date: Sun, 30 Jun 2024 15:14:58 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: ead89fcd470991e07ab304742cc6e80d
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
            Jun 30, 2024 17:14:59.016525984 CEST | 320 | IN | HTTP/1.1 200 OK
            Date: Sun, 30 Jun 2024 15:14:58 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: ead89fcd470991e07ab304742cc6e80d
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            1 | 192.168.2.4 | 49738 | 132.226.247.73 | 80 | 6976 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
            Timestamp | Bytes transferred | Direction | Data
            Jun 30, 2024 17:14:59.922424078 CEST | 127 | OUT | GET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Jun 30, 2024 17:15:00.786710978 CEST | 320 | IN | HTTP/1.1 200 OK
            Date: Sun, 30 Jun 2024 15:15:00 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: 6acce699cb6a5aa18ad135eafebd1f0f
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            2 | 192.168.2.4 | 49741 | 132.226.247.73 | 80 | 6976 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
            Timestamp | Bytes transferred | Direction | Data
            Jun 30, 2024 17:15:01.404000998 CEST | 127 | OUT | GET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Jun 30, 2024 17:15:09.874614954 CEST | 320 | IN | HTTP/1.1 200 OK
            Date: Sun, 30 Jun 2024 15:15:09 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: 197d3e8c384276dd5be7550589f33963
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            3 | 192.168.2.4 | 49749 | 132.226.247.73 | 80 | 6976 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
            Timestamp | Bytes transferred | Direction | Data
            Jun 30, 2024 17:15:10.532398939 CEST | 127 | OUT | GET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Jun 30, 2024 17:15:11.208267927 CEST | 320 | IN | HTTP/1.1 200 OK
            Date: Sun, 30 Jun 2024 15:15:11 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: 3ad60338492112577bf5751844dcd373
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            4 | 192.168.2.4 | 49751 | 132.226.247.73 | 80 | 6976 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
            Timestamp | Bytes transferred | Direction | Data
            Jun 30, 2024 17:15:11.864548922 CEST | 151 | OUT | GET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Connection: Keep-Alive
            Jun 30, 2024 17:15:12.569753885 CEST | 320 | IN | HTTP/1.1 200 OK
            Date: Sun, 30 Jun 2024 15:15:12 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: e416d899fe6e529511a6ad187daa76d7
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            5 | 192.168.2.4 | 49754 | 132.226.247.73 | 80 | 6976 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
            Timestamp | Bytes transferred | Direction | Data
            Jun 30, 2024 17:15:13.251399994 CEST | 151 | OUT | GET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Connection: Keep-Alive
            Jun 30, 2024 17:15:13.927423954 CEST | 320 | IN | HTTP/1.1 200 OK
            Date: Sun, 30 Jun 2024 15:15:13 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: 724570d9b105f6ac2b2b3e22a1c435a3
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            6 | 192.168.2.4 | 49756 | 132.226.247.73 | 80 | 6976 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
            Timestamp | Bytes transferred | Direction | Data
            Jun 30, 2024 17:15:14.555517912 CEST | 151 | OUT | GET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Connection: Keep-Alive
            Jun 30, 2024 17:15:15.234318018 CEST | 320 | IN | HTTP/1.1 200 OK
            Date: Sun, 30 Jun 2024 15:15:15 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: 511eb04515cd182f209d86a4472c8402
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            0 | 192.168.2.4 | 49733 | 188.114.97.3 | 443 | 6976 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
            Timestamp | Bytes transferred | Direction | Data
            2024-06-30 15:14:58 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
            Host: reallyfreegeoip.org
            Connection: Keep-Alive
            2024-06-30 15:14:58 UTC | 707 | IN | HTTP/1.1 200 OK
            Date: Sun, 30 Jun 2024 15:14:58 GMT
            Content-Type: application/xml
            Transfer-Encoding: chunked
            Connection: close
            access-control-allow-origin: *
            vary: Accept-Encoding
            Cache-Control: max-age=86400
            CF-Cache-Status: HIT
            Age: 3062
            Last-Modified: Sun, 30 Jun 2024 14:23:56 GMT
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9DaofKCz3Y8PVs6nB%2BUQK1B9B5nTO%2Fg8uA3Cj42bIKoS%2BgTJ0eLPo8kDjcFJVIkVGRHoAlyu1z%2B0LmOqASKz25r934T3b9CPgWIkfOYRB0Lv0X6WLqhjHYF89wEhMwUvRx8N34Hc"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 89bf1beb7aa64405-EWR
            alt-svc: h3=":443"; ma=86400
            2024-06-30 15:14:58 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
            2024-06-30 15:14:58 UTC | 5 | IN | Data Ascii: 0


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            1 | 192.168.2.4 | 49735 | 188.114.97.3 | 443 | 6976 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
            Timestamp | Bytes transferred | Direction | Data
            2024-06-30 15:14:59 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
            Host: reallyfreegeoip.org
            2024-06-30 15:14:59 UTC | 709 | IN | HTTP/1.1 200 OK
            Date: Sun, 30 Jun 2024 15:14:59 GMT
            Content-Type: application/xml
            Transfer-Encoding: chunked
            Connection: close
            access-control-allow-origin: *
            vary: Accept-Encoding
            Cache-Control: max-age=86400
            CF-Cache-Status: HIT
            Age: 3063
            Last-Modified: Sun, 30 Jun 2024 14:23:56 GMT
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fl%2BOidcdSwdnrhN1j4gAoRWvBs6g7UjeI9zGDcrGXEdKuyp%2BovVAfOXTyqTrwwXwzxZ2o0V%2BV%2F4khOsSg88PL4Ed96XeavK9BfVBnQC7JsU0rjPXp0Y81GCUJyG%2FFdSKUUx8zDwf"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 89bf1bf24d0478d3-EWR
            alt-svc: h3=":443"; ma=86400
            2024-06-30 15:14:59 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
            2024-06-30 15:14:59 UTC | 5 | IN | Data Ascii: 0


            Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
            2 | 192.168.2.4 | 49740 | 188.114.97.3 | 443 | 6976 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
            Timestamp | Bytes transferred | Direction | Data
            2024-06-30 15:15:01 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
            Host: reallyfreegeoip.org
            2024-06-30 15:15:01 UTC | 707 | IN | HTTP/1.1 200 OK
            Date: Sun, 30 Jun 2024 15:15:01 GMT
            Content-Type: application/xml
            Transfer-Encoding: chunked
            Connection: close
            access-control-allow-origin: *
            vary: Accept-Encoding
            Cache-Control: max-age=86400
            CF-Cache-Status: HIT
            Age: 3065
            Last-Modified: Sun, 30 Jun 2024 14:23:56 GMT
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u8eNJCUipMJm8Svoytjy6ImzuXHOw01jOgUjBesUIZJzlHLDjIWm4Dc2OyJ7uhZcQZtL6Fs8cwNyGtzZNvwc%2FYWahyJxd9brHN9GTdtyCp0Y795XkYi%2B%2FCG%2BD790q4m2qR4BGHdt"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 89bf1bfd39037d08-EWR
            alt-svc: h3=":443"; ma=86400
            2024-06-30 15:15:01 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
            2024-06-30 15:15:01 UTC | 5 | IN | Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
3           192.168.2.4  49747        188.114.97.3    443               6976  C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp                Bytes  Direction  Data
2024-06-30 15:15:10 UTC  84     OUT        GET /xml/8.46.123.33 HTTP/1.1
                                           Host: reallyfreegeoip.org
                                           Connection: Keep-Alive
2024-06-30 15:15:10 UTC  713    IN         HTTP/1.1 200 OK
                                           Date: Sun, 30 Jun 2024 15:15:10 GMT
                                           Content-Type: application/xml
                                           Transfer-Encoding: chunked
                                           Connection: close
                                           access-control-allow-origin: *
                                           vary: Accept-Encoding
                                           Cache-Control: max-age=86400
                                           CF-Cache-Status: HIT
                                           Age: 3074
                                           Last-Modified: Sun, 30 Jun 2024 14:23:56 GMT
                                           Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h6GcvyfuyrPepSfoACQJs%2B7NUlCH%2Fff2DITKuAp%2BCquZyCBkeWI%2FSyJ%2BXnG6Qy4LWRBRqymDxXciQ6UiQKvFA8I2vtDXSuhoqdlFu0yyf%2BT3%2BgkPmZgz3hb8BbGL4raTs6X4Xvpj"}],"group":"cf-nel","max_age":604800}
                                           NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                           Server: cloudflare
                                           CF-RAY: 89bf1c364ead439a-EWR
                                           alt-svc: h3=":443"; ma=86400
2024-06-30 15:15:10 UTC  340    IN         Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                           Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-06-30 15:15:10 UTC  5      IN         Data Raw: 30 0d 0a 0d 0a
                                           Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
4           192.168.2.4  49750        188.114.97.3    443               6976  C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp                Bytes  Direction  Data
2024-06-30 15:15:11 UTC  84     OUT        GET /xml/8.46.123.33 HTTP/1.1
                                           Host: reallyfreegeoip.org
                                           Connection: Keep-Alive
2024-06-30 15:15:11 UTC  709    IN         HTTP/1.1 200 OK
                                           Date: Sun, 30 Jun 2024 15:15:11 GMT
                                           Content-Type: application/xml
                                           Transfer-Encoding: chunked
                                           Connection: close
                                           access-control-allow-origin: *
                                           vary: Accept-Encoding
                                           Cache-Control: max-age=86400
                                           CF-Cache-Status: HIT
                                           Age: 3075
                                           Last-Modified: Sun, 30 Jun 2024 14:23:56 GMT
                                           Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NAJhpt3623fYumw50jmf5TkBWgQdyPMAdrcw%2FuodQ1djAD122Rm%2BJlJhe6lgyxFsV8ZSQbjiP9m3%2BN1bF2%2FfOoOZbcC0HALMJ1sNvhyovFxmHHhyFwTKxKkA0lwp%2BFbv2Mhb6Rgn"}],"group":"cf-nel","max_age":604800}
                                           NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                           Server: cloudflare
                                           CF-RAY: 89bf1c3e882243c1-EWR
                                           alt-svc: h3=":443"; ma=86400
2024-06-30 15:15:11 UTC  340    IN         Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                           Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-06-30 15:15:11 UTC  5      IN         Data Raw: 30 0d 0a 0d 0a
                                           Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
5           192.168.2.4  49753        188.114.97.3    443               6976  C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp                Bytes  Direction  Data
2024-06-30 15:15:13 UTC  84     OUT        GET /xml/8.46.123.33 HTTP/1.1
                                           Host: reallyfreegeoip.org
                                           Connection: Keep-Alive
2024-06-30 15:15:13 UTC  709    IN         HTTP/1.1 200 OK
                                           Date: Sun, 30 Jun 2024 15:15:13 GMT
                                           Content-Type: application/xml
                                           Transfer-Encoding: chunked
                                           Connection: close
                                           access-control-allow-origin: *
                                           vary: Accept-Encoding
                                           Cache-Control: max-age=86400
                                           CF-Cache-Status: HIT
                                           Age: 3077
                                           Last-Modified: Sun, 30 Jun 2024 14:23:56 GMT
                                           Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g99Z1AxVK7687C17Vb7wdUdDQrdXJZfSzYt%2BjvD7VZQWgTbNFWpcwRC5Eb81%2B33%2F5mTl1gpUHsga0VpfTWhY9h1Fuoa0yn2NdR9%2F859qzGbP7d2lM1W9ce8PXBSNI4PWjT7R%2BKGC"}],"group":"cf-nel","max_age":604800}
                                           NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                           Server: cloudflare
                                           CF-RAY: 89bf1c46f9a442b7-EWR
                                           alt-svc: h3=":443"; ma=86400
2024-06-30 15:15:13 UTC  340    IN         Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                           Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-06-30 15:15:13 UTC  5      IN         Data Raw: 30 0d 0a 0d 0a
                                           Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
6           192.168.2.4  49755        188.114.97.3    443               6976  C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp                Bytes  Direction  Data
2024-06-30 15:15:14 UTC  84     OUT        GET /xml/8.46.123.33 HTTP/1.1
                                           Host: reallyfreegeoip.org
                                           Connection: Keep-Alive
2024-06-30 15:15:14 UTC  709    IN         HTTP/1.1 200 OK
                                           Date: Sun, 30 Jun 2024 15:15:14 GMT
                                           Content-Type: application/xml
                                           Transfer-Encoding: chunked
                                           Connection: close
                                           access-control-allow-origin: *
                                           vary: Accept-Encoding
                                           Cache-Control: max-age=86400
                                           CF-Cache-Status: HIT
                                           Age: 3078
                                           Last-Modified: Sun, 30 Jun 2024 14:23:56 GMT
                                           Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rRd%2FitbTy9zBV89WHDNYDFs61MTtYdIWyRFpdD1tQ1g%2BH8ofUwj4PrhPiYjPmhACpgsTZRgDk7QX%2FobmaDrmfjiX2nV0Y1whh8ERwUw0GBNqA%2BPYovT%2B6n6TR4AGaH1DhJv0Wf5g"}],"group":"cf-nel","max_age":604800}
                                           NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                           Server: cloudflare
                                           CF-RAY: 89bf1c4f7d6f8c7e-EWR
                                           alt-svc: h3=":443"; ma=86400
2024-06-30 15:15:14 UTC  340    IN         Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                           Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-06-30 15:15:14 UTC  5      IN         Data Raw: 30 0d 0a 0d 0a
                                           Data Ascii: 0


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
7           192.168.2.4  49757        188.114.97.3    443               6976  C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe

Timestamp                Bytes  Direction  Data
2024-06-30 15:15:15 UTC  84     OUT        GET /xml/8.46.123.33 HTTP/1.1
                                           Host: reallyfreegeoip.org
                                           Connection: Keep-Alive
2024-06-30 15:15:15 UTC  701    IN         HTTP/1.1 200 OK
                                           Date: Sun, 30 Jun 2024 15:15:15 GMT
                                           Content-Type: application/xml
                                           Transfer-Encoding: chunked
                                           Connection: close
                                           access-control-allow-origin: *
                                           vary: Accept-Encoding
                                           Cache-Control: max-age=86400
                                           CF-Cache-Status: HIT
                                           Age: 3079
                                           Last-Modified: Sun, 30 Jun 2024 14:23:56 GMT
                                           Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TL6sHstK1QvUcSjRR5weAmhSXAOZoYxY6BlcdF2lJPrrmPG95UJ5As7V2oFxlacnZlcZYp%2FFpsMELx5ivuXkuoUhNLKJlXAB3tdrnVJRGt7vg4bBYqNFNw2JIIzf8akPaTd3Bh2W"}],"group":"cf-nel","max_age":604800}
                                           NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                           Server: cloudflare
                                           CF-RAY: 89bf1c57c95043cf-EWR
                                           alt-svc: h3=":443"; ma=86400
2024-06-30 15:15:15 UTC  340    IN         Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                                           Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
2024-06-30 15:15:15 UTC  5      IN         Data Raw: 30 0d 0a 0d 0a
                                           Data Ascii: 0
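Sessions 2 to 7 above are six identical lookups issued within about 14 seconds by PID 6976, RegSvcs.exe (the .NET Services Registration Tool, which has no reason to originate HTTP traffic): GET /xml/8.46.123.33 to reallyfreegeoip.org, each without a User-Agent header, each answered from Cloudflare's cache (CF-Cache-Status: HIT, Age 3065 to 3079 s). The byte counts agree with the requests shown: 60 bytes for session 2 and 84 for sessions 3 to 7, the difference being the 24-byte "Connection: Keep-Alive" line. The 340-byte response row is one complete chunk (5 bytes of "14d\r\n", a 333-byte body, a 2-byte CRLF); the report displays only its first 255 bytes, so whatever follows "<Latitude>37.75" in the body is not visible here. The Python below is an added triage example, not part of the Joe Sandbox report: it parses a request of this shape and checks its length against the reported bytes, reassembles a chunked body to read the CountryCode the sample uses to profile its host, flags the LOLBin-plus-geo-IP-plus-no-User-Agent combination, and counts lookups per time window. The request bytes, the shortened XML body, SESSIONS, GEOIP_HOSTS and LOLBIN_PROCESSES are constructed from the fields visible above; because the body is shortened to the visible elements, its chunk length is recomputed and is not the 0x14d of the capture.

```python
"""Triage helpers for the RegSvcs.exe -> reallyfreegeoip.org sessions above.

Added example, not part of the Joe Sandbox report. The request bytes, XML body,
SESSIONS and the two indicator lists are constructed from the visible fields.
"""
import json
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Host the sample asks for its location (from the report). Assumed list.
GEOIP_HOSTS = {"reallyfreegeoip.org"}
# Signed .NET framework tools that never need outbound HTTP of their own and
# are common injection targets. Assumed list.
LOLBIN_PROCESSES = {"regsvcs.exe", "regasm.exe", "installutil.exe"}

# Constructed requests: session 2 sent 60 bytes, sessions 3-7 sent 84 bytes
# (the extra 24 bytes are the "Connection: Keep-Alive\r\n" line).
REQUEST_SHORT = (b"GET /xml/8.46.123.33 HTTP/1.1\r\n"
                 b"Host: reallyfreegeoip.org\r\n"
                 b"\r\n")
REQUEST_KEEPALIVE = (b"GET /xml/8.46.123.33 HTTP/1.1\r\n"
                     b"Host: reallyfreegeoip.org\r\n"
                     b"Connection: Keep-Alive\r\n"
                     b"\r\n")

# Constructed body: the elements visible in the report's Data Ascii plus a
# closing tag; the real chunk is 0x14d bytes and longer than this.
XML_BODY = (b"<Response>\n\t<IP>8.46.123.33</IP>\n\t<CountryCode>US</CountryCode>\n"
            b"\t<CountryName>United States</CountryName>\n"
            b"\t<TimeZone>America/Chicago</TimeZone>\n</Response>\n")
CHUNKED_BODY = b"%x\r\n%s\r\n0\r\n\r\n" % (len(XML_BODY), XML_BODY)

PROCESS = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"


def _session(sid, sport, time, bytes_out, request):
    return {"id": sid, "pid": 6976, "process": PROCESS, "sport": sport,
            "time": time, "bytes_out": bytes_out, "request": request}


# Constructed from the session table above (id, source port, time, bytes OUT).
SESSIONS = [
    _session(2, 49740, "2024-06-30 15:15:01", 60, REQUEST_SHORT),
    _session(3, 49747, "2024-06-30 15:15:10", 84, REQUEST_KEEPALIVE),
    _session(4, 49750, "2024-06-30 15:15:11", 84, REQUEST_KEEPALIVE),
    _session(5, 49753, "2024-06-30 15:15:13", 84, REQUEST_KEEPALIVE),
    _session(6, 49755, "2024-06-30 15:15:14", 84, REQUEST_KEEPALIVE),
    _session(7, 49757, "2024-06-30 15:15:15", 84, REQUEST_KEEPALIVE),
]


def parse_http_request(raw):
    """Split a raw HTTP/1.1 request into method, path and a lower-cased header map."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, path, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "path": path, "version": version,
            "headers": headers, "body": body, "size": len(raw)}


def decode_chunked(body):
    """Reassemble a Transfer-Encoding: chunked body; raise ValueError if it is cut short."""
    out = bytearray()
    pos = 0
    while True:
        eol = body.index(b"\r\n", pos)                  # ValueError if no size line
        size = int(body[pos:eol].split(b";")[0], 16)    # ignore chunk extensions
        pos = eol + 2
        if size == 0:
            return bytes(out)
        chunk = body[pos:pos + size]
        if len(chunk) < size:
            raise ValueError("truncated chunk: %d of %d bytes present" % (len(chunk), size))
        out += chunk
        pos += size + 2                                 # skip the CRLF after the data


def is_complete_chunked(body):
    """True if the chunked body can be reassembled down to its 0-length terminator."""
    try:
        decode_chunked(body)
        return True
    except ValueError:
        return False


def geoip_country(xml_bytes):
    """CountryCode from a reallyfreegeoip-style <Response> document, or None."""
    return ET.fromstring(xml_bytes).findtext("CountryCode")


def indicators(session, request):
    """Reasons this session is suspicious (empty list if none)."""
    hits = []
    proc = session["process"].rsplit("\\", 1)[-1].lower()
    host = request["headers"].get("host", "")
    if proc in LOLBIN_PROCESSES:
        hits.append("%s initiated an outbound HTTP connection" % proc)
    if host in GEOIP_HOSTS:
        hits.append("geo-IP lookup to %s" % host)
    if "user-agent" not in request["headers"]:
        hits.append("HTTP request without a User-Agent header")
    if request["size"] != session["bytes_out"]:
        hits.append("request size does not match bytes transferred")
    return hits


def burst_count(timestamps, window_seconds=60):
    """Largest number of requests falling within any window of window_seconds."""
    ts = sorted(timestamps)
    best = 0
    for i, start in enumerate(ts):
        j = i
        while j < len(ts) and (ts[j] - start).total_seconds() <= window_seconds:
            j += 1
        best = max(best, j - i)
    return best


def triage(sessions=SESSIONS, response=CHUNKED_BODY, window_seconds=60):
    """What the sample learned, why each session is suspicious, and how bursty it was."""
    country = geoip_country(decode_chunked(response))
    flagged = {s["id"]: indicators(s, parse_http_request(s["request"])) for s in sessions}
    times = [datetime.strptime(s["time"], "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
             for s in sessions]
    return {"country": country, "indicators": flagged,
            "max_lookups_in_window": burst_count(times, window_seconds)}


if __name__ == "__main__":
    print(json.dumps(triage(), indent=2))
```

Every session gets the same three indicators (LOLBin origin, geo-IP host, missing User-Agent) and the size check passes, which is the point: the byte counts in the report are a usable consistency check on the reconstructed request. Feeding decode_chunked the 255-byte prefix the report displays would raise "truncated chunk", because the size line announces 0x14d bytes that are not all present; is_complete_chunked reports that instead of raising. For hunting, RegSvcs.exe, RegAsm.exe or InstallUtil.exe appearing as the network-initiating process is enough to alert on by itself; the geo-IP host and the absent User-Agent are what tie the traffic to the sample's host-profiling stage.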


            Target ID:0
            Start time:11:14:52
            Start date:30/06/2024
            Path:C:\Users\user\Desktop\Order Details.exe
            Wow64 process (32bit):false
            Commandline:"C:\Users\user\Desktop\Order Details.exe"
            Imagebase:0x256eedb0000
            File size:1'170'592 bytes
            MD5 hash:65E2A9349C75EE34280992ED2E7AA548
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1809623845.0000025690127000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.1809623845.0000025690127000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.1809623845.0000025690127000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
            • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.1809623845.0000025690127000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
            • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000000.00000002.1809258786.0000025680037000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            Reputation:low
            Has exited:true

            Target ID:1
            Start time:11:14:53
            Start date:30/06/2024
            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
            Wow64 process (32bit):true
            Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe"
            Imagebase:0xd70000
            File size:45'984 bytes
            MD5 hash:9D352BC46709F0CB5EC974633A0C3C94
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.4087508064.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000001.00000002.4087508064.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
            • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000001.00000002.4087508064.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
            • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000001.00000002.4087508064.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000001.00000002.4089979880.00000000031CC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000001.00000002.4089979880.0000000003001000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            Reputation:high
            Has exited:false

            Target ID:2
            Start time:11:14:53
            Start date:30/06/2024
            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
            Wow64 process (32bit):
            Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\regsvcs.exe"
            Imagebase:
            File size:45'984 bytes
            MD5 hash:9D352BC46709F0CB5EC974633A0C3C94
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:false

            Target ID:5
            Start time:11:14:53
            Start date:30/06/2024
            Path:C:\Windows\System32\WerFault.exe
            Wow64 process (32bit):false
            Commandline:C:\Windows\system32\WerFault.exe -u -p 6836 -s 1020
            Imagebase:0x7ff7e7e00000
            File size:570'736 bytes
            MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

              Memory Dump Source
              • Source File: 00000000.00000002.1812302241.00007FFD9B970000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B970000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b970000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7fa194d293e94e1c3f4b754a5487da0aa12bd4b5b2d40a37f1c6c78f4072588a
              • Instruction ID: daaffeb9fa9473e574bcd3c70c13f0e5653e02ba415055b2ba1ac55f2aa8911c
              • Opcode Fuzzy Hash: 7fa194d293e94e1c3f4b754a5487da0aa12bd4b5b2d40a37f1c6c78f4072588a
              • Instruction Fuzzy Hash: 44F25A31A1F7C95FEB66DB6888A55A47FE0FF56700F0A01FED089CB1A3DA146906C781
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID: d
              • API String ID: 0-2564639436
              • Opcode ID: bbc6b9c291f70de200a3664eebf67ec0af02c213097279897d970f185bd8c10f
              • Instruction ID: d84210b150fb792ee61c8d96f42332aa4f3182bc5a16356c5ffc1ad6a707d16a
              • Opcode Fuzzy Hash: bbc6b9c291f70de200a3664eebf67ec0af02c213097279897d970f185bd8c10f
              • Instruction Fuzzy Hash: 92128931B0EA4A0FEB6CDB6894A157177D1EF49310B0942BED49EC71A7EE24F8438391
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID: c
              • API String ID: 0-112844655
              • Opcode ID: c544c5bd36cb84e19df96f5ac3f586d25cab24864df4f6c47ad0489fd81e6fc6
              • Instruction ID: 31ad5165d2a12ff83de37f28d0130ceb1e9f4de30d4d398ed70827490a5beb87
              • Opcode Fuzzy Hash: c544c5bd36cb84e19df96f5ac3f586d25cab24864df4f6c47ad0489fd81e6fc6
              • Instruction Fuzzy Hash: 3F12AA31B0E65A4FE768DB38C4645B577E1FF99300B1545BEE08AC71E2DE39A942CB80
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID: fish
              • API String ID: 0-1064584243
              • Opcode ID: fa84c3fbc26d0b61e1f6e1478b3f90607a1daf1276650bfe7dcb537601aa5520
              • Instruction ID: b4647edfa3136cd7bd337f4bec578b162b933c88c007560ca15779f8e9ded32e
              • Opcode Fuzzy Hash: fa84c3fbc26d0b61e1f6e1478b3f90607a1daf1276650bfe7dcb537601aa5520
              • Instruction Fuzzy Hash: 74C15E31B1DB8D0FD76CAB6898655B977E1EF5A210B0541BFD48BC31E3DD28A9068381
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 78e124b8b9288d80a6172229af580972c6b5e5d3923f540b7f311b5da3ab15fb
              • Instruction ID: cf6dad43515e7a54e11e59951da732a0c0269829ee2de063564e8c72dd1d27fa
              • Opcode Fuzzy Hash: 78e124b8b9288d80a6172229af580972c6b5e5d3923f540b7f311b5da3ab15fb
              • Instruction Fuzzy Hash: 53B2993070DB894FD369DB68C4A14B5B7E1FF99301B1449BEE48AC72A6DE34E942C781
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8f0d18d76701d5fff5d35ce6e77731b3c83d21fb084cc75a2bc8bae8013a37d2
              • Instruction ID: c9e1c0663b2a6146e3d1ca634ebbe3623170cc8ddb53241d110463d288b1eb51
              • Opcode Fuzzy Hash: 8f0d18d76701d5fff5d35ce6e77731b3c83d21fb084cc75a2bc8bae8013a37d2
              • Instruction Fuzzy Hash: F1B2493060E78A4FD31ADB74C8A44A57BF1FF9A300B1545BED08AC72B7DA38A946C751
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1a515ba9cf508c042491459a87dd51af213eeea5bc43899343d502f0625647dd
              • Instruction ID: 3f8d5671a0943b670cc25974929d6f26e5a9d57c1a29d5388cd05c55be695441
              • Opcode Fuzzy Hash: 1a515ba9cf508c042491459a87dd51af213eeea5bc43899343d502f0625647dd
              • Instruction Fuzzy Hash: 2352E730B09A0D4FDB68DB68D865A7977E1EF59300F1501BEE44EC72A2DE24ED428B91
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e6125f3d3bbf11f83b3d8cef83285634276c1a34d0bd0d3e9a1d9c2f54ec693a
              • Instruction ID: 1d5da5122ca096b790586e0a49cd8c557e6f84519c432722edfd65953f169fcb
              • Opcode Fuzzy Hash: e6125f3d3bbf11f83b3d8cef83285634276c1a34d0bd0d3e9a1d9c2f54ec693a
              • Instruction Fuzzy Hash: 29F19D31A0EB8A4FE32DCB6884A11B577D2FF95301B15467ED4CAC72A1DE28E942C791
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e53e082955d0e8d2c1d30c4106272f8ec9d1890e5d1a95a2d09cfe293234476d
              • Instruction ID: efdf3d8d1ed702dd9d4f439b5d0b40b6b7a277ed8a1261f6561031fa25113bd5
              • Opcode Fuzzy Hash: e53e082955d0e8d2c1d30c4106272f8ec9d1890e5d1a95a2d09cfe293234476d
              • Instruction Fuzzy Hash: AE210A7270D91D0FE72CDA7C9C2657673D6E786221756833EE187C26A6DD25A80342C0
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID: L_^$L_^
              • API String ID: 0-2199681630
              • Opcode ID: 489420d901a5745013ddbb86717a650604a10bbd33d230d2e8485e5ce6475f64
              • Instruction ID: 20646e5dc8de17b6061855a4ed2beeb38d9a122ba10fb42aefe5ee30443fcfcf
              • Opcode Fuzzy Hash: 489420d901a5745013ddbb86717a650604a10bbd33d230d2e8485e5ce6475f64
              • Instruction Fuzzy Hash: 74415AB2A0F54A4FD7298B2988754B937E0FF4431874942BAC49DCB1E3DF24B5078761
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID: 3L_H
              • API String ID: 0-4286477518
              • Opcode ID: 370e680a8eb3dcb3428f670a02660a11e9ba36b4740f8932a525177dd6e2fc7f
              • Instruction ID: d4598e1e682628728092f8241725e208a4e2a4d0a3b855df1f4166732a244b82
              • Opcode Fuzzy Hash: 370e680a8eb3dcb3428f670a02660a11e9ba36b4740f8932a525177dd6e2fc7f
              • Instruction Fuzzy Hash: 2B52483071EA594FE7A8DB6CD4A5A7537E1FF99700B0500BDE48AC72B2DE24AD41CB81
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID: d
              • API String ID: 0-2564639436
              • Opcode ID: 36b082f65b50dc25ee32b12aa3fae894bbfbdae7688140c100e94cc8d9a204ad
              • Instruction ID: c0dd9f0d7e73a65ecd9f3ce67b27cac22b2993f361443a00f1d8a3df0919ee12
              • Opcode Fuzzy Hash: 36b082f65b50dc25ee32b12aa3fae894bbfbdae7688140c100e94cc8d9a204ad
              • Instruction Fuzzy Hash: F9020331B1EA494FE7A9EB588465A7477E1EF9A300B0601FAD05EC71A3EE24BD42C351
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID: <TbV
              • API String ID: 0-634381197
              • Opcode ID: 4d6659279bafc6324edb559c32aed0a9a20cfd6ece6100c360f01d92efb60fc6
              • Instruction ID: f1e9dce546329d2cd419d37c42b256390bfe34fb2cb5a4ece9f38952e0fcae35
              • Opcode Fuzzy Hash: 4d6659279bafc6324edb559c32aed0a9a20cfd6ece6100c360f01d92efb60fc6
              • Instruction Fuzzy Hash: 5F024831B0E99A4FE37DD77C98665A57BD0EF9D310B0502BAD08DC72B2DE1869068BC1
              Strings
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID: -L_H
              • API String ID: 0-1337480290
              • Opcode ID: 750b20b36d4c006af2c751aeca6da3bc88a55435f9a31f77084e7243286abb51
              • API String ID:
              • Opcode ID: 1b5afa1cdf169dc6ce558cc1e87e526e1ad4812722ef89b4b95df4c092b5e64b
              • Instruction ID: ddc20381ef26b0250c6316376f7452803015379eea34dff57a8ea056eb49c2af
              • Opcode Fuzzy Hash: 1b5afa1cdf169dc6ce558cc1e87e526e1ad4812722ef89b4b95df4c092b5e64b
              • Instruction Fuzzy Hash: 3041A33090AA5E9FDB58FF68C8696BA7BF0FF1A301B0105B9D45AD71B1DB359900CB80
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4e50396a8273bd09ae1f490fbbcee0fcc012e8debdc84e129a5b287804f7b6b5
              • Instruction ID: 1b1da3b17c144a42e8ef83cfb2ec15481bccc694df4c67a2705c04f6d92f3a8d
              • Opcode Fuzzy Hash: 4e50396a8273bd09ae1f490fbbcee0fcc012e8debdc84e129a5b287804f7b6b5
              • Instruction Fuzzy Hash: 6E31F731B09A4D4FEB68EBA858656B9B7E2FF5D251B04017ED00ED3296DD2864018751
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5ecffd9bffb8cdcf1a97b9d16ec51038028bae3c55b39e5c2a3b524627edea26
              • Instruction ID: 4dd364ab0e2501bc3142ae509bcf471cd8c2a5526c57310c597ac2d240c74074
              • Opcode Fuzzy Hash: 5ecffd9bffb8cdcf1a97b9d16ec51038028bae3c55b39e5c2a3b524627edea26
              • Instruction Fuzzy Hash: 864178A254E3D14FD3078B7088726A13FB0AF17215B1F45EBC0C68B0F3E618691AD762
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5978ff123c2ed228d9b53f9c8560bff1c56a677e5c73697766da45042cc284fc
              • Instruction ID: ed9ed9f71efe013a1701391db50abb2ca4cd2ba01805db5784a577b527dd2cd1
              • Opcode Fuzzy Hash: 5978ff123c2ed228d9b53f9c8560bff1c56a677e5c73697766da45042cc284fc
              • Instruction Fuzzy Hash: 5231D331A4E7C64FC31B977888254A07FB1EF87320B1A45EBD095CB1F7D9286946C752
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5c8eb5ced3ee92b8826ce9ca261b2fe93b098184b4fb55dec8d61d9e9009e870
              • Instruction ID: 2eb381dc9e5de611660a07a0f21999192ae20721a9a791282a1850236fc992f6
              • Opcode Fuzzy Hash: 5c8eb5ced3ee92b8826ce9ca261b2fe93b098184b4fb55dec8d61d9e9009e870
              • Instruction Fuzzy Hash: 6431D731B19A985FDB55EB78D8699EEBBB1FF49700B0400EAE04DD72D6DE249802C741
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fff4539a37cc890ba1e962af370fd0499d66be23521a5f7dd195c0794b918599
              • Instruction ID: b0bb993ea8ea4da44a0b5759a8623482cf669ca6f78b6f17d390c7b1165be6df
              • Opcode Fuzzy Hash: fff4539a37cc890ba1e962af370fd0499d66be23521a5f7dd195c0794b918599
              • Instruction Fuzzy Hash: 5B31E531A0FBDD5FD75697B81C661A97FA0EF4A241B0501FFE08AD71E3D91819058391
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 30a23ad31d5733dd4cab8646652abbf40f334dbe7bd5778350706e234dc55016
              • Instruction ID: 793abb2d96f5c4af619f0fbdaee64768bfe24791098eec98862f4522ca31806b
              • Opcode Fuzzy Hash: 30a23ad31d5733dd4cab8646652abbf40f334dbe7bd5778350706e234dc55016
              • Instruction Fuzzy Hash: 7921A721F2EE8E0FE765D7AC98612B977E2EF89600F1602B7E04DC32E2DD285D414391
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2fb72ad673a3923b31f2f287fafec5cdca7d93db06d9994c3119eb5988b84bc9
              • Instruction ID: c3b458d0b2539483b6a6b2493aa11aee8a93a8bd1759fa51eea77c038fbdef48
              • Opcode Fuzzy Hash: 2fb72ad673a3923b31f2f287fafec5cdca7d93db06d9994c3119eb5988b84bc9
              • Instruction Fuzzy Hash: B631E87060DB854BE318CB188491465BBE2FBCA301F148A7EE4DAC33A6DA34E542C791
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 75ccd6d75d375fddbb7c97182a97147d87811e438180270f07aac1e5b34f604c
              • Instruction ID: a67fc3af5e0a2072bd4bc54bf814bbec7f3064b97f3459aa406a1ee7de1d60f5
              • Opcode Fuzzy Hash: 75ccd6d75d375fddbb7c97182a97147d87811e438180270f07aac1e5b34f604c
              • Instruction Fuzzy Hash: 89212831B1DA1D4FEB68E75C94666B577E1EF58310F0101BAD04EC72A1DD24AD464B81
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cd22046c436d4c7beac146fa3a7798ed808e5f235775d91e04450d91a4c17ded
              • Instruction ID: 0bfed080e16095640ecae5a63617ef9868d79bdf52fb2dae7f4cea4d3b71c19e
              • Opcode Fuzzy Hash: cd22046c436d4c7beac146fa3a7798ed808e5f235775d91e04450d91a4c17ded
              • Instruction Fuzzy Hash: 1931C331F199585FDB54EB68C869AEDBBB2FF48700F0400ADE04ED3295DE34A802C751
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 256666a219a051c2d75312f8f103797d2003dd09aad6caa249a6c98a914b0e49
              • Instruction ID: 929bbffe984db6f5da2c8c1b9e3bcea9771d42a4ec38540db117eb18672e7493
              • Opcode Fuzzy Hash: 256666a219a051c2d75312f8f103797d2003dd09aad6caa249a6c98a914b0e49
              • Instruction Fuzzy Hash: 8021683160E69A4FE756973498251F53BD1EF89315B0A01BAE48CCB1E2CA1DD782C3A2
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 39597206929f2264717ea9a9bb30768e62778ed67cbfed97eb08f79033dc97f8
              • Instruction ID: acb29fd44d173f009165b1574a40da4e7b40673e170c0045e8d68284442d200c
              • Opcode Fuzzy Hash: 39597206929f2264717ea9a9bb30768e62778ed67cbfed97eb08f79033dc97f8
              • Instruction Fuzzy Hash: EE21F422B1EE8D0FE7A4E77C54357686BD2EF5E651B0602FAE05DC72A3DC18AC018391
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 12e2dd2bba2dbcb8e9f56a36b14272d4c167421a58f048911c691c28b95d3312
              • Instruction ID: 0ec82de9158d5e7e8717539580012fcde041e816933b28f1e22ebb65b75f256c
              • Opcode Fuzzy Hash: 12e2dd2bba2dbcb8e9f56a36b14272d4c167421a58f048911c691c28b95d3312
              • Instruction Fuzzy Hash: 4B212932A0DE494FE759E76CA4669FA77E1EF55300F0100BED49EC71A2ED34A8478B81
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 825815819e2798a0d3db24b8dfb15fbcca974de1cfb56356917d0012949962e4
              • Instruction ID: 883408b83c96bb817480d6c95ea16e0903a5364066634c378cf46a119c4d48ed
              • Opcode Fuzzy Hash: 825815819e2798a0d3db24b8dfb15fbcca974de1cfb56356917d0012949962e4
              • Instruction Fuzzy Hash: 71214B31B1EA6E4FEB68E36C682627437D1EF49211F0202BAC44DCB1F1DD24A8460B81
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fa792def788b741bfd55fafccfe1a4965f73f29f0b4e46902823918e38c9e5bc
              • Instruction ID: c3e6291d7bccbed5803f374fee02e233db6ca28be477e16f62ff52d9a1b2202f
              • Opcode Fuzzy Hash: fa792def788b741bfd55fafccfe1a4965f73f29f0b4e46902823918e38c9e5bc
              • Instruction Fuzzy Hash: C821F632A0DE594FDB58EB6C94626E577E1FF58300F1141BED09EC71A1EE34E8468B41
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a5e96dc06e53c6cfd1f3d70a8f93a51b28c14e16daf962fd2952eefe17e9508f
              • Instruction ID: b3f5e37faa31ff6197f57b428c5e97bd467a9830aed0e6b3f2f0a893d8ebe480
              • Opcode Fuzzy Hash: a5e96dc06e53c6cfd1f3d70a8f93a51b28c14e16daf962fd2952eefe17e9508f
              • Instruction Fuzzy Hash: 6F212C30619B494FE355DB38C4A40B177E1FB983097144ABEE49DC32B6DE35E982C750
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: db2eec5920ea5d54eccbbe1efe57421476932c38b5c56ec7ba9de4ee2867e2f6
              • Instruction ID: 71162af9b2fba349f0670c6a577a2c33916323b36eff4c5e76ba6f989ac7ef8e
              • Opcode Fuzzy Hash: db2eec5920ea5d54eccbbe1efe57421476932c38b5c56ec7ba9de4ee2867e2f6
              • Instruction Fuzzy Hash: DF21F221A0DA5D4FE351EBB8D4242B57BD0EF5C305F0505BAD48CD72F2DE18AA828781
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: faa5ab09123fc1b86902e5e61cc5a18556fea7f46a0e236519949df62c455f19
              • Instruction ID: c3490df42b0d6be9154df358e25eb7fc7e2474c02cc2a9f77ead6f87afc2b485
              • Opcode Fuzzy Hash: faa5ab09123fc1b86902e5e61cc5a18556fea7f46a0e236519949df62c455f19
              • Instruction Fuzzy Hash: C9117D21B0EA4E0FDBA9977894B46B6B7D1EF5921071906BFD04EC71E2DE28A903C350
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 86ab8042c382f7a3b7fe951f6651a532280752d7bf6d9232b1f3ef16f5474045
              • Instruction ID: 889e0331f6f4bf8f611f874b4790c0b407cdd3eb159e6c37a23ce187a672f41f
              • Opcode Fuzzy Hash: 86ab8042c382f7a3b7fe951f6651a532280752d7bf6d9232b1f3ef16f5474045
              • Instruction Fuzzy Hash: D711D511A0F6CA0FE32663B844716A67BE1DF9B240B4D45F9D0C9871A3DC0C6906C351
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ff914fb419ef0ab57ce1105c20477bdaa2fdf3875928e3aa8128390cb6939448
              • Instruction ID: 316e56551ac424b92226f13d5a34ccd3842162ff953969b79df143d6708e4359
              • Opcode Fuzzy Hash: ff914fb419ef0ab57ce1105c20477bdaa2fdf3875928e3aa8128390cb6939448
              • Instruction Fuzzy Hash: BA21272180E7CA1FD7529BB85C695EA7FF0EF4B110B0400EBE4A8CB0A3E9691546C352
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 208b1fba957202c13933088b2f7e056409d422776c59dad037157002f91fa289
              • Instruction ID: 869ca29c48f665accd77b631a37e709829961d90f4ed4e4e839ad8764dc469d1
              • Opcode Fuzzy Hash: 208b1fba957202c13933088b2f7e056409d422776c59dad037157002f91fa289
              • Instruction Fuzzy Hash: D011842155F2C94FE71697E848716EABFA4EF4B214F0901FAE1DDC70E3DA0C650683A2
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 47ccaa8e3bdea17e437797241c82d9964646ef9285468656a6096e1f7c5f517f
              • Instruction ID: 07a64bf5911d04b1c9ad8e283a85bd5279229413180da03217ca6b727acfa24a
              • Opcode Fuzzy Hash: 47ccaa8e3bdea17e437797241c82d9964646ef9285468656a6096e1f7c5f517f
              • Instruction Fuzzy Hash: F0114C3261DE594FE768E76CA0665B977E1EF89210B0000BFD08EC71B1ED25E8474B41
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4ee23d11e63293ea50835c0008348a98c505d7beb5f85b8f150c816f35970fb0
              • Instruction ID: bfaef5d11eb17bfcd862533446e0d24597ebea9ba70ee32b45bb5ee56ed88ad2
              • Opcode Fuzzy Hash: 4ee23d11e63293ea50835c0008348a98c505d7beb5f85b8f150c816f35970fb0
              • Instruction Fuzzy Hash: 35113C31B0990D4FDF95EB9894A2AECB7A2EF5D310F41113AD00EE3296CE25A942C790
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d8042a08128155d09de6e5c1c4a2c0ea340be8d23d94bb481355ee3a08ba1239
              • Instruction ID: 780bf646148552eede2a1119bc84ff7442a1a97d466a9caebed9a608ca3d0d96
              • Opcode Fuzzy Hash: d8042a08128155d09de6e5c1c4a2c0ea340be8d23d94bb481355ee3a08ba1239
              • Instruction Fuzzy Hash: 8B11CA31A0D98C5FDB65EFBCC865AE97FF1EF59300F0401A5D059D71B1D9249882C740
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7a815ca86214c3d640550bf05ef2acefa2698df2f7db6a4ec988cd3b908f9a03
              • Instruction ID: 7306cbfc57310919704b991c7eace210e274e03d2d91f39de80189444de2cfbb
              • Opcode Fuzzy Hash: 7a815ca86214c3d640550bf05ef2acefa2698df2f7db6a4ec988cd3b908f9a03
              • Instruction Fuzzy Hash: 9011A330A09A0A8BD768EB28D4A497A73E1EF98315B55053EE44EC32A1CE38E541C751
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ebc412f7d43db8ce85807d8d64c6b056e7a8a487f4197b950aba3006cb45f972
              • Instruction ID: 09309e109b1f90c788628ccf559d7e3cdf030501425ebc66f8acbe83d9c8544d
              • Opcode Fuzzy Hash: ebc412f7d43db8ce85807d8d64c6b056e7a8a487f4197b950aba3006cb45f972
              • Instruction Fuzzy Hash: 4E11593150DBC84FDB92DB2884645657FF1EFAE320B1D02ABE488C72A3DA24A945C352
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1b85997a529a808c983d1a02fd3348102add9e032f51f20677fb680fa36cb5cc
              • Instruction ID: a4ea1bc7d41f7206013b5ec05ad2c3b5559b50caa9e52d3183a216eb4ac6c66d
              • Opcode Fuzzy Hash: 1b85997a529a808c983d1a02fd3348102add9e032f51f20677fb680fa36cb5cc
              • Instruction Fuzzy Hash: B7F02853B0EA9A0AE3B582DC387617527C1DF9866070941F7D448C22F6EC4A5CC30381
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 56d838d517be32ead60e564654629d630c5bff3caf5012d7b3f88e4f09cac95a
              • Instruction ID: ede7ab1a59c980dd981d2383641a7166b55e1e8fe7b5c972fefc2d3f18fa5ba1
              • Opcode Fuzzy Hash: 56d838d517be32ead60e564654629d630c5bff3caf5012d7b3f88e4f09cac95a
              • Instruction Fuzzy Hash: CC112A746187158FD31CDF08C4A6966B7E1FB98701B244A6DE48B476A6CA34F982CB82
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3b511df16db12b9e43c5b2787ff03203af9a811ae5c0ef6b5effca1658a0e024
              • Instruction ID: 2c1cce15742a1dbc33586435505d609c32935a4fc4da614c22f56b9f146057d1
              • Opcode Fuzzy Hash: 3b511df16db12b9e43c5b2787ff03203af9a811ae5c0ef6b5effca1658a0e024
              • Instruction Fuzzy Hash: 95F04C3160EE8D0FC766DB3C8864461B7F0FFA821030A02EBC08AC76A6EE14E847C340
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 496f5690da4f13092b0d2c0583ae41e3e8d4cd429cade979c6eb05b9eff739ab
              • Instruction ID: 2ce4ba12415775459b35421552ca44d5646799dad3848ff0a0cbde9a7a49a460
              • Opcode Fuzzy Hash: 496f5690da4f13092b0d2c0583ae41e3e8d4cd429cade979c6eb05b9eff739ab
              • Instruction Fuzzy Hash: 2C01DF21B1E91A4FE6A8DFADE46463577D0EF9C221B05013AE409C75B0DD14E8428BA1
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 78d73e664bf212809e37262f3dd3a46783e732ac304cc4f451ea1c92dfdcdc11
              • Instruction ID: c114de14404166adf5d3e19e5d7158e4642029f07d956530e80d47fd739c7d8d
              • Opcode Fuzzy Hash: 78d73e664bf212809e37262f3dd3a46783e732ac304cc4f451ea1c92dfdcdc11
              • Instruction Fuzzy Hash: 5BF0B453F0ED5E06E3B4429C38651B612C2DB9C760B1541F7E80CC22E9EC465D8302D1
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5fd0c664e043138ec5c9307ac8c2ec582c26521144f107934cd1e13343477b5d
              • Instruction ID: f312f45bd2946354d813f9037dd4cf3e59a8dd8c541f99443f877f2485457624
              • Opcode Fuzzy Hash: 5fd0c664e043138ec5c9307ac8c2ec582c26521144f107934cd1e13343477b5d
              • Instruction Fuzzy Hash: 48F06D21B1A91E4AE6B8DBADE464A3A77D0EF9C321B05017AE40AC35B4CD24A8418B91
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9b0a5a3ae2331afc82cc39159acd1c8df2f163f19ee7de0a6e69ee5414c57546
              • Instruction ID: 02c20706b734e887c0b1aecb61a88b8fc64ff9e3a1fb04bf95a63ce4f3c72556
              • Opcode Fuzzy Hash: 9b0a5a3ae2331afc82cc39159acd1c8df2f163f19ee7de0a6e69ee5414c57546
              • Instruction Fuzzy Hash: 7AF0B82040F3DA0FE3139BB448B82917FF09F07110B5908EEE0D09B1A3E51D159AC352
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3b29af8e0485b8533f4988b4d0e377e6fb2342823e5ea56c4003b6731fcbd2eb
              • Instruction ID: 3de6d673346ebbd234393332bf901a6fc0dfe688496df79dedcd227fc164d758
              • Opcode Fuzzy Hash: 3b29af8e0485b8533f4988b4d0e377e6fb2342823e5ea56c4003b6731fcbd2eb
              • Instruction Fuzzy Hash: 1CF0F632B1D91E0BDB2CD9B8A8A10F573D3D798360F55823BC01BC76E8EC2969024781
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ce0e42f2364e437c4003511414d79b50ad9235babb9e09806d24268d7cf703c7
              • Instruction ID: 8a457f61c3c563e9e1f15dd937d613725f5d3aa2563e1f70e8b7069c1c4f57bd
              • Opcode Fuzzy Hash: ce0e42f2364e437c4003511414d79b50ad9235babb9e09806d24268d7cf703c7
              • Instruction Fuzzy Hash: 8F016251A2F9C91FEB51E77C04756AA7FE5EF1B205B4904F9E09DCB1F3D80864068361
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 419f732c9ad03183594150f619ddb43a0b546b5e6807d09bfda0d03bafdf49b3
              • Instruction ID: e29163146abce9aaa4d8f5a120bf5dac36b0316220b55667b2549c84edd20c87
              • Opcode Fuzzy Hash: 419f732c9ad03183594150f619ddb43a0b546b5e6807d09bfda0d03bafdf49b3
              • Instruction Fuzzy Hash: 41F0593174C40A0BD71CE93C88770797187D38A310722923EC857CB3E6DC18A81349C1
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e8f010f2702490d5975cffa12dafeda3e4e51121c9f665204b1b6286fcde6578
              • Instruction ID: 467f084855759d63a487870b1dd30e6814e781570c40f206756740aa12074742
              • Opcode Fuzzy Hash: e8f010f2702490d5975cffa12dafeda3e4e51121c9f665204b1b6286fcde6578
              • Instruction Fuzzy Hash: 83F0B421B0EB484FC799B77C58655547BE1EF5E31078A01F6E008CB2E3ED18DC428351
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 27e09354c1b9404eece35b7bdd7e9c547e05f16e37d1775b9cf9b8795076a910
              • Instruction ID: 15653ae65ead51a01ad3c05f89ae1bd2b1ab0a7fea05c6ec191e4119fba87ad8
              • Opcode Fuzzy Hash: 27e09354c1b9404eece35b7bdd7e9c547e05f16e37d1775b9cf9b8795076a910
              • Instruction Fuzzy Hash: 81F09A32B0990A4BDB1CAA28857167C33A7E7C9355725833DD057C63EADD38EA068A84
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8dd795b69faade3306c76e9db15792100c2663d029e528acb57738afff545003
              • Instruction ID: bcfea864d0b633829852a252945c4759daff252528f8fe59ec910e1df5809c1a
              • Opcode Fuzzy Hash: 8dd795b69faade3306c76e9db15792100c2663d029e528acb57738afff545003
              • Instruction Fuzzy Hash: B3F0A735718D0D5FC7B8EB2CD854966B3E1FBA831031546BAD45EC3668DE20FC428780
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0c10b952f27631e1010cb05093e8e08e1b8f2d0c7aa1a99278121d367786ba5d
              • Instruction ID: 89683620d9a5c8cd79096d4c728450598b5414f16d9a9dbc605d94afe21cb5ba
              • Opcode Fuzzy Hash: 0c10b952f27631e1010cb05093e8e08e1b8f2d0c7aa1a99278121d367786ba5d
              • Instruction Fuzzy Hash: 82F0E57130970D9BC71CAA68C8651787395EB89701B20913EC647C22A6DD25A5164AC9
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fd9bfa20fa78b40194a25e5eb31fc40fc38f0f9fa2bc60593aae33ffaf5c3a4b
              • Instruction ID: ecbdfb42359807be6de1437eb52429252cea55365864282d36a7c7af4b9d1782
              • Opcode Fuzzy Hash: fd9bfa20fa78b40194a25e5eb31fc40fc38f0f9fa2bc60593aae33ffaf5c3a4b
              • Instruction Fuzzy Hash: EFE04F30B15D1C4FCB98B77CA81956872D5EF8E31178505F5F40DC72A6ED28DC418390
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 547c118e43a80aed61dd2a957ac42f1ecf6304075ab955852925949c6111252a
              • Instruction ID: c5fe0e6e1f1f65701cee7d2e14c051611bcf6f402f9926c2098ac7c50da004a3
              • Opcode Fuzzy Hash: 547c118e43a80aed61dd2a957ac42f1ecf6304075ab955852925949c6111252a
              • Instruction Fuzzy Hash: A0E07D3650D98C0BDB80EB58AC214D67BA0FBC9308F01069AF55CC7251D6115515C341
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 77c9f31ddc455a69c77a6b61389eb55ff39d0c50b57377b8894453fea3171b76
              • Instruction ID: 19bee0404573b90924e88569068a273de3c4e1d2c2afafd2b2fb16e383811fce
              • Opcode Fuzzy Hash: 77c9f31ddc455a69c77a6b61389eb55ff39d0c50b57377b8894453fea3171b76
              • Instruction Fuzzy Hash: 3EE0E53162D22A8ED37CDB94C0768B97391FF4C301B55443ED08B431B6DE24B6028E41
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8a40339a011705cc30947dc44bc915e0b766e672870ff79364a6bbc22947a670
              • Instruction ID: a3febaf738480ee468b1985d07daf9b2dca1d91ad9a3517312a1eeefcf0cda86
              • Opcode Fuzzy Hash: 8a40339a011705cc30947dc44bc915e0b766e672870ff79364a6bbc22947a670
              • Instruction Fuzzy Hash: 8CE02B3294EE4C4BCB44EB6D6C610C677A4FF5D348F05065AF55CC3192F7269A61C382
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c89edd07f4006d591e08445e1dc1bede4261ebe41574d80ae90770de0fc703d8
              • Instruction ID: 396ca33c5d1eb8977958340ac272bf1a90ff2d22879e5569f200ba33f061ffca
              • Opcode Fuzzy Hash: c89edd07f4006d591e08445e1dc1bede4261ebe41574d80ae90770de0fc703d8
              • Instruction Fuzzy Hash: 9DE0863070661A8FD7289668846393673D0AB4CB05B15103C95DBC37A1DE18FA018AC1
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cf010af8b4258a77295bbc93523ea2aa9a463dabe5ec71be5a02ad79f26db052
              • Instruction ID: fb0319936369df96ffc023d38fd6979d20c807529b2548b4720cc58ca5a1a8a6
              • Opcode Fuzzy Hash: cf010af8b4258a77295bbc93523ea2aa9a463dabe5ec71be5a02ad79f26db052
              • Instruction Fuzzy Hash: B8D01213B9ED1C0B455465CC7C1217CB3C1D7CE536740037BD44DC2258D91A594282C3
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0b8c99d55fd9d8adaa81b49dca5c8c3e3b149031b529471c84c91258bf2c30dd
              • Instruction ID: 5174af6b398601cb97e1fc4a83f85bfc92295a8efbd19628a93dea2febfe3abc
              • Opcode Fuzzy Hash: 0b8c99d55fd9d8adaa81b49dca5c8c3e3b149031b529471c84c91258bf2c30dd
              • Instruction Fuzzy Hash: 1EE0C230B397088F965CCA6CC47313673F6EBCC700B05552DA4C7833A5DD30B8004A42
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 24b66bb9467fa46b99ed43fdbb2cb099478075d081c04deddbcf2df677e7f506
              • Instruction ID: cdbeb74be5ef08662ecaf2ec19b8d3510df0bd044be4a19780f233961a8e15ef
              • Opcode Fuzzy Hash: 24b66bb9467fa46b99ed43fdbb2cb099478075d081c04deddbcf2df677e7f506
              • Instruction Fuzzy Hash: 16E08C22B3A30D8BE76CC6A8C4735A673E8AB8E700B46142CA487422A2D814B5008A41
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 940600caab685a1c19ee148786475787fca3d8aba56690c8f67b3eda79f460f2
              • Instruction ID: 678fb1b46e797c3532c5611a403fbd2dd7b09efd9a4218aacc1acb6dce20c322
              • Opcode Fuzzy Hash: 940600caab685a1c19ee148786475787fca3d8aba56690c8f67b3eda79f460f2
              • Instruction Fuzzy Hash: 03D02E2040F6890FC7266BB004B50A63FE0AF0B214F9804E9E4C42A262D02E606A8302
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e9d25fc4b669f174b29f0bac23e317fff1981fbfe968bc1cbfb9b1fd21a29fa4
              • Instruction ID: 835747156fda9605ce45a4c0e8e6852f228dc83109d245884e03eb1f94911b14
              • Opcode Fuzzy Hash: e9d25fc4b669f174b29f0bac23e317fff1981fbfe968bc1cbfb9b1fd21a29fa4
              • Instruction Fuzzy Hash: B7D0123470BB098BD22C529C942213532D29B8C710324143CA18FC33A2CD69FD924585
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1a70c6523d800ebd1b239a8e243e9ea2da5f238f81da2c00e11267ae91a3e930
              • Instruction ID: 9112f393136eec5b51685cb3d5d365710a24e70996aabb2ec2da77eb2421b26e
              • Opcode Fuzzy Hash: 1a70c6523d800ebd1b239a8e243e9ea2da5f238f81da2c00e11267ae91a3e930
              • Instruction Fuzzy Hash: 3AD0A7343056068FD3389718C452822B3D0EB48700B21053C98E7C77A1DE24FA02CBC0
              Memory Dump Source
              • Source File: 00000000.00000002.1812083938.00007FFD9B8A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B8A0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_0_2_7ffd9b8a0000_Order Details.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f61501db34169ded7c2a22bbcddd8f3d2b12fef4fa49b6b14a8b97f5a09f4cb8
              • Instruction ID: e2371ec6249b321de9aa2db13f9df1f61b7a110046c07ce737f0f960178a3404
              • Opcode Fuzzy Hash: f61501db34169ded7c2a22bbcddd8f3d2b12fef4fa49b6b14a8b97f5a09f4cb8
              • Instruction Fuzzy Hash: E2D017355296169ED3A89B24C0A26A6B3E0BB58B00F25982DE0C782261EA30A500CF81

              Execution Graph

              Execution Coverage: 12.1%
              Dynamic/Decrypted Code Coverage: 100%
              Signature Coverage: 22%
              Total number of Nodes: 41
              Total number of Limit Nodes: 4
              (execution graph is rendered as a node/edge diagram in the original report; raw node listing omitted)
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: (o^q$4'^q$4'^q$4'^q
              • API String ID: 0-183542557
              • Opcode ID: 27261529d159c0006a4807eee759c36369914ace68948f66544e965ef55aab1d
              • Instruction ID: 99539a5395770b8846bb2323d70a2306571d775eb8aaebd554b4bc765d5596dd
              • Opcode Fuzzy Hash: 27261529d159c0006a4807eee759c36369914ace68948f66544e965ef55aab1d
              • Instruction Fuzzy Hash: 4AA28172A00209DFCB15CF68D984AAEBBF6FF88318F158569E505DB2A1D734ED41CB90

              Control-flow Graph
              (rendered basic-block graph, legend Executed / Not Executed; raw node listing omitted)
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: (o^q$(o^q$,bq$,bq
              • API String ID: 0-879173519
              • Opcode ID: 74f2bfaa2026694ff4863d242244d59f515d98c6e273578a8afdab07eff6b442
              • Instruction ID: 1f624ac6580fd835f5744bad2e555cb7632d2768ee664ab2409278f2fe6800f3
              • Opcode Fuzzy Hash: 74f2bfaa2026694ff4863d242244d59f515d98c6e273578a8afdab07eff6b442
              • Instruction Fuzzy Hash: 77D16EB2A00109DFDF15CFA9D985AADBBF6FF88308F158065E525AB261D730EC41CB51

              Control-flow Graph
              (rendered basic-block graph, legend Executed / Not Executed; raw node listing omitted)
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: (o^q$Hbq
              • API String ID: 0-662517225
              • Opcode ID: d76594caed62c6d18f963c6b5680c3354c9627a9d53ede5767881118016eba54
              • Instruction ID: 9e5f2591233590d8cd25fce1a5f0d7d338ff467a365e0660197645c8533c408f
              • Opcode Fuzzy Hash: d76594caed62c6d18f963c6b5680c3354c9627a9d53ede5767881118016eba54
              • Instruction Fuzzy Hash: EF12B0B1A002198FCB15DF69D854AAEBBF6FF88304F148469E51AEB391DF349D41CB90

              Control-flow Graph
              (rendered basic-block graph, legend Executed / Not Executed; raw node listing omitted)
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: Xbq$$^q
              • API String ID: 0-1593437937
              • Opcode ID: 49a6a615f61213d457812825f81f71124af27386de25209face88636585ad852
              • Instruction ID: a62d73420ce7efeecc3f213aef2f4fc30b7a4008a23ee55819f840bdec4cc99c
              • Opcode Fuzzy Hash: 49a6a615f61213d457812825f81f71124af27386de25209face88636585ad852
              • Instruction Fuzzy Hash: 81F16DB5E002488FDB58DFB9E4945AEBBB6BF88314B148469E40AE7354DB349C42CB52

              Control-flow Graph
              (rendered basic-block graph, legend Executed / Not Executed; raw node listing omitted)
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: PH^q$PH^q
              • API String ID: 0-1598597984
              • Opcode ID: 63bf0bfc225bcda452212be293e703cb523c6c98f6ec39584c8988c1b54ceb02
              • Instruction ID: 7a04aab64c9b9b2a5451406e98d0ca387771589736b2a5378160f93408f218ae
              • Opcode Fuzzy Hash: 63bf0bfc225bcda452212be293e703cb523c6c98f6ec39584c8988c1b54ceb02
              • Instruction Fuzzy Hash: 9DE1E575E00218CFDB14CFA9D994A9DBBB2FF49314F168069E819AB365DB30AC81CF50

              Control-flow Graph
              (rendered basic-block graph, legend Executed / Not Executed; raw node listing omitted)
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4094250767.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6ac0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: PH^q$PH^q
              • API String ID: 0-1598597984
              • Opcode ID: a85f7e7f5f61731a68f99c4b247fb34d7e3c0935da4902a3b5e4facca760b39c
              • Instruction ID: 8f54b32a17de57e664f2eee22e503e229e605e5351128b04a92e36224642d24a
              • Opcode Fuzzy Hash: a85f7e7f5f61731a68f99c4b247fb34d7e3c0935da4902a3b5e4facca760b39c
              • Instruction Fuzzy Hash: 7E910270E00218CFDB68DFA9C844AEEBBF2BF89314F14806AD449AB255DB385941CF90

              Control-flow Graph
              (rendered basic-block graph, legend Executed / Not Executed; raw node listing omitted)
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: PH^q$PH^q
              • API String ID: 0-1598597984
              • Opcode ID: 4ea59f034784db875dee795b293d6aca107ef0b6351bb4f304b29c5028b5fd6c
              • Instruction ID: bb9a9cf715f1402101f19c40b485588a1ff4dc37d501eafe3ed04473439db5f5
              • Opcode Fuzzy Hash: 4ea59f034784db875dee795b293d6aca107ef0b6351bb4f304b29c5028b5fd6c
              • Instruction Fuzzy Hash: 7281D375E10218CFDB18DFAAD894A9DBBF2FF89314F149069E409AB365DB349981CF10

              Control-flow Graph
              (rendered basic-block graph, legend Executed / Not Executed; raw node listing omitted)
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: PH^q$PH^q
              • API String ID: 0-1598597984
              • Opcode ID: 57caadfb1c2ace773516c8f739d9780f3295eb8ad75aca4eaf937e86d432102c
              • Instruction ID: d6fb5153b29c4a08816047aa00d4b0a40f3a22a7d19a1dabb652ebb7e1dbbb06
              • Opcode Fuzzy Hash: 57caadfb1c2ace773516c8f739d9780f3295eb8ad75aca4eaf937e86d432102c
              • Instruction Fuzzy Hash: 3381E5B5E00218CFDB14DFA9D984A9DBBF2BF89304F14D069E809AB355DB349985CF11
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: PH^q$PH^q
              • API String ID: 0-1598597984
              • Opcode ID: 96a7b385f9b8e569cd035c5038c08bbb36e7d70d4623b236efb400e4f654cfc7
              • Instruction ID: 085951d448ebf8598606ba35fa2b6a2f95ccfc9191484b04c1114e6f521f0eb0
              • Opcode Fuzzy Hash: 96a7b385f9b8e569cd035c5038c08bbb36e7d70d4623b236efb400e4f654cfc7
              • Instruction Fuzzy Hash: 5181C375E00218CFDB18DFAAD984A9DBBF2BF89314F14D069E409AB365DB349981CF11

              Control-flow Graph

              control_flow_graph 2723 13d4ad9-13d4b08 2724 13d4b0f-13d4bec call 13d3908 call 13d3428 2723->2724 2725 13d4b0a 2723->2725 2735 13d4bee 2724->2735 2736 13d4bf3-13d4c11 2724->2736 2725->2724 2735->2736 2766 13d4c14 call 13d4db9 2736->2766 2767 13d4c14 call 13d4dc8 2736->2767 2737 13d4c1a-13d4c25 2738 13d4c2c-13d4c30 2737->2738 2739 13d4c27 2737->2739 2740 13d4c35-13d4c3c 2738->2740 2741 13d4c32-13d4c33 2738->2741 2739->2738 2743 13d4c3e 2740->2743 2744 13d4c43-13d4c51 2740->2744 2742 13d4c54-13d4c98 2741->2742 2748 13d4cfe-13d4d15 2742->2748 2743->2744 2744->2742 2750 13d4c9a-13d4cb0 2748->2750 2751 13d4d17-13d4d3c 2748->2751 2755 13d4cda 2750->2755 2756 13d4cb2-13d4cbe 2750->2756 2757 13d4d3e-13d4d53 2751->2757 2758 13d4d54 2751->2758 2761 13d4ce0-13d4cfd 2755->2761 2759 13d4cc8-13d4cce 2756->2759 2760 13d4cc0-13d4cc6 2756->2760 2757->2758 2762 13d4cd8 2759->2762 2760->2762 2761->2748 2762->2761 2766->2737 2767->2737
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: PH^q$PH^q
              • API String ID: 0-1598597984
              • Opcode ID: 41f6080cc2838b0846d97a9f3c259304caea1984f6fb0002f2112611a6bb79ec
              • Instruction ID: f789758968b16b57b30784dfd774368fe27014b949fb6663e8a81809c378c448
              • Opcode Fuzzy Hash: 41f6080cc2838b0846d97a9f3c259304caea1984f6fb0002f2112611a6bb79ec
              • Instruction Fuzzy Hash: 8381C475E00218DFDB58CFA9D984A9DBBF2BF89304F14C069E819AB365DB345981CF11
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: PH^q$PH^q
              • API String ID: 0-1598597984
              • Opcode ID: 4dea325023e548f9bbc9ef1cfdf20c36a6f4f9c0616994227960a63e1013fd50
              • Instruction ID: 5f4472555b5d3cee6cae59a55c8df394bc32e628e4581bb30f35149b51ecbaa4
              • Opcode Fuzzy Hash: 4dea325023e548f9bbc9ef1cfdf20c36a6f4f9c0616994227960a63e1013fd50
              • Instruction Fuzzy Hash: 7981B275E102188FDB58DFAAD984A9DBBF2BF89304F149069E809AB365DB349941CF10
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: PH^q$PH^q
              • API String ID: 0-1598597984
              • Opcode ID: 6450d81952d5e92dace40af8bd569ceffd831310a763aba50f6f866d06c17cca
              • Instruction ID: 3ae3bc5cbca85c3026af94394bd1e4e3b403b7262a1644627f77aba919452a88
              • Opcode Fuzzy Hash: 6450d81952d5e92dace40af8bd569ceffd831310a763aba50f6f866d06c17cca
              • Instruction Fuzzy Hash: FF81C375E10218CFDB18DFA9D994A9DBBF2BF89304F14D069E809AB365DB349941CF10
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: PH^q$PH^q
              • API String ID: 0-1598597984
              • Opcode ID: da4d542b16877471b1e45083a302c9692d4571333bc4accc6611bffacda81ab8
              • Instruction ID: 5660ee23303fbe5b025d9f8fa6a3e67b8758a75f907150980bde6e5c0b9a82a9
              • Opcode Fuzzy Hash: da4d542b16877471b1e45083a302c9692d4571333bc4accc6611bffacda81ab8
              • Instruction Fuzzy Hash: 3981B375E00258CFDB18DFAAD984A9DFBF2BF89304F158069E409AB365DB349981CF11
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: PH^q$PH^q
              • API String ID: 0-1598597984
              • Opcode ID: 597f698f6ff68dc8d2151ee63a7eae10a951662a33a5aca24c51685638dad4c1
              • Instruction ID: 448f890be23efc344168c60603758650c17c97c3a65d99e167473aed34ff04ea
              • Opcode Fuzzy Hash: 597f698f6ff68dc8d2151ee63a7eae10a951662a33a5aca24c51685638dad4c1
              • Instruction Fuzzy Hash: 1861D3B5E002488FDB18DFAAD984A9DFBF2BF89304F15C069E818AB365DB345941CF11
              Memory Dump Source
              • Source File: 00000001.00000002.4093787065.0000000005BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5be0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bb676053b6235c8bbeb2f00cde029958040d69d107480d02dfcf37f3c85b5fce
              • Instruction ID: 21546721c89681347f6bcffc80429aba6da6e6a57e5b4fe98923dcc3c867ae12
              • Opcode Fuzzy Hash: bb676053b6235c8bbeb2f00cde029958040d69d107480d02dfcf37f3c85b5fce
              • Instruction Fuzzy Hash: 62224D74E012198FCB14DFA9C994BADBBB2FF88304F1485A9D409AB355DB35AD81CF90
              Memory Dump Source
              • Source File: 00000001.00000002.4094250767.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6ac0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fb56281e73bd604fd04a04069b6522a6a338996bd2e78e82831665f3b8021005
              • Instruction ID: e62d131e7f9d120e1ad6c411cb99ae33291dbdd0261d729aec76d563eafbb6f6
              • Opcode Fuzzy Hash: fb56281e73bd604fd04a04069b6522a6a338996bd2e78e82831665f3b8021005
              • Instruction Fuzzy Hash: BB827F74E012288FDBA5DF69C994BDDBBB2BB89304F1081E9D80DA7265DB345E81CF41
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3c9a0e016cbb422b322223f01b5cf4095f5bf74a33be8058259b53339fb87bd3
              • Instruction ID: ead206b3e5f5a9259820270a9ebdd12536b0dc33d0922656bce08333e989d211
              • Opcode Fuzzy Hash: 3c9a0e016cbb422b322223f01b5cf4095f5bf74a33be8058259b53339fb87bd3
              • Instruction Fuzzy Hash: 6972EE75E012288FDB64DF69D894BE9BBB6BB49304F1481EAD409A7351DB349EC2CF40
              Memory Dump Source
              • Source File: 00000001.00000002.4094250767.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6ac0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f8c2f4493fed6e03331e13b65105a53594f508f1667bfa191be3c10b7a9e79b1
              • Instruction ID: fbabd0c800aa448bc9f4ec932c9eb3c3a1493d7a36b37253a2c913ebbe8f5521
              • Opcode Fuzzy Hash: f8c2f4493fed6e03331e13b65105a53594f508f1667bfa191be3c10b7a9e79b1
              • Instruction Fuzzy Hash: 15E1C274E01218CFEB64DFA9C954B9DBBB2BF89304F2081A9D409A7394DB395E85CF50
              Memory Dump Source
              • Source File: 00000001.00000002.4093787065.0000000005BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5be0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4b09995a97c1e9ceb86fafe94994aff961eba7a4297930cfd23d7fcdfa600f54
              • Instruction ID: eaa2320480566941d75b76c3ef63c26d5fdb04e2d1436f6ce28229e373a05a2f
              • Opcode Fuzzy Hash: 4b09995a97c1e9ceb86fafe94994aff961eba7a4297930cfd23d7fcdfa600f54
              • Instruction Fuzzy Hash: F7C19F74E01218CFDB54DFA9C954BADBBB2BF89305F2480A9D809AB354DB356E81CF50
              Memory Dump Source
              • Source File: 00000001.00000002.4094250767.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6ac0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 19ebf5d8b514824bb772ac3ba3bb3a2861470d52158b86677e9829b6779cf651
              • Instruction ID: a2216f8fb1184462dddc8c63707de8061297d5432a070e166fd5a8816782894b
              • Opcode Fuzzy Hash: 19ebf5d8b514824bb772ac3ba3bb3a2861470d52158b86677e9829b6779cf651
              • Instruction Fuzzy Hash: 01A1A270E012188FEB68DF6AC945B9DFAF2AF89310F14C0AAD409B7250DB355A85CF51
              Memory Dump Source
              • Source File: 00000001.00000002.4094250767.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6ac0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f5a8636c8661808cf3e085f1fea70872d5b7fe6e8e7306980900073f00e59994
              • Instruction ID: 1a1551d6140923d94448a45a76abd02d14e0858def4b9f4331b8cb7f14496add
              • Opcode Fuzzy Hash: f5a8636c8661808cf3e085f1fea70872d5b7fe6e8e7306980900073f00e59994
              • Instruction Fuzzy Hash: 46A1A274E012188FEB68DF6AC944B9DFBF2AF89310F14D0AAD409AB250DB345A85CF50
              Memory Dump Source
              • Source File: 00000001.00000002.4094250767.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6ac0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e9b82966b8fe5a07dbab1d53b02411d9b6c37f6e2165bba72954dda393e89836
              • Instruction ID: 28f52ace42775c0a73f420c9f9a79761962766e34c837a099c91cebbcab92ee6
              • Opcode Fuzzy Hash: e9b82966b8fe5a07dbab1d53b02411d9b6c37f6e2165bba72954dda393e89836
              • Instruction Fuzzy Hash: 61A1A271E016288FEB68DF6AC944B9DFAF2AF89310F14D0AAD40DA7250DB345A85CF50
              Memory Dump Source
              • Source File: 00000001.00000002.4094250767.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6ac0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7b08b947c8a34cf929fb0decaab9aa1b141800b0833c924d5812e92235b15a8c
              • Instruction ID: 02adfbad2389710afa04dc20b68479862125dab7dcb28d9741a7c71862049e3b
              • Opcode Fuzzy Hash: 7b08b947c8a34cf929fb0decaab9aa1b141800b0833c924d5812e92235b15a8c
              • Instruction Fuzzy Hash: 64A1C174E016288FEB68DF6AC944B9DBBF2BF89310F14C0AAD50DA7254DB345A85CF10
              Memory Dump Source
              • Source File: 00000001.00000002.4094250767.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6ac0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 284d6b42cbbb0010589f82077ec5482576d8af85509470b2843d1f8e53fd5bc1
              • Instruction ID: e01448821f0bac9b5043de0795b83d25e8f9996284a6ab1711539c13a24de748
              • Opcode Fuzzy Hash: 284d6b42cbbb0010589f82077ec5482576d8af85509470b2843d1f8e53fd5bc1
              • Instruction Fuzzy Hash: 2AA1A175E012288FEB68DF6AC944B9DFAF2AF89310F14C0AAD40DA7250DB345A85CF51
              Memory Dump Source
              • Source File: 00000001.00000002.4094250767.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6ac0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b279ff33766b99207c1100f6d242120b71de8198f9952cf17b0cff20273d3331
              • Instruction ID: 0f0e5ba778a624962076dad757cac2c262e087e1256c891612696d34b61d051b
              • Opcode Fuzzy Hash: b279ff33766b99207c1100f6d242120b71de8198f9952cf17b0cff20273d3331
              • Instruction Fuzzy Hash: 66A1A075E012288FEB68DF6AC944B9DFAF2BF89310F14C0AAD40DA7254DB345A85CF51
              Memory Dump Source
              • Source File: 00000001.00000002.4094250767.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6ac0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d3a4a96796e8e41ce0a3de52ef3a6c86d382a1e9f2cabfd5d923de4d8d4f7207
              • Instruction ID: ccbec8fc30d95294d7c697b5c695e582abd069c81dd50111b48dc960323e0892
              • Opcode Fuzzy Hash: d3a4a96796e8e41ce0a3de52ef3a6c86d382a1e9f2cabfd5d923de4d8d4f7207
              • Instruction Fuzzy Hash: 15A1A175E012288FEB68DF6AC944B9DFBF2AF89310F14C0AAD509B7250DB345A85CF50
              Memory Dump Source
              • Source File: 00000001.00000002.4094250767.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6ac0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 71a6f05ccd66de4b360b420509f76573da5529adf7580bc48442b4e8b3512cb8
              • Instruction ID: 3e1edc14f2b18ecc0d5f562cbb0ecee2241e1ccd2d399cb9b73d01980d461528
              • Opcode Fuzzy Hash: 71a6f05ccd66de4b360b420509f76573da5529adf7580bc48442b4e8b3512cb8
              • Instruction Fuzzy Hash: CDA1C270E016288FEB68DF6AC944B9DFBF2BF89310F14C0AAD409A7250DB355A85CF11
              Memory Dump Source
              • Source File: 00000001.00000002.4094250767.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6ac0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 76c6d3b96928ffc0be515482ba1757ed5e92b66647964da662f4347964ab12fa
              • Instruction ID: 9c6c320d36c4163142c2659bbad205aa0985fbc8e70c691f70f647e0cde7fbf2
              • Opcode Fuzzy Hash: 76c6d3b96928ffc0be515482ba1757ed5e92b66647964da662f4347964ab12fa
              • Instruction Fuzzy Hash: 18A1A271E016188FEB68DF6AC944B9DFAF2AF89310F14C0AAD40DBB250DB345A85CF51
              Memory Dump Source
              • Source File: 00000001.00000002.4094250767.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6ac0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 33774a77caf82434febb78eebe152eed8f64b47201d982d3e31dd222f5ebd373
              • Instruction ID: fea553e87d55784e9c32cf17307a86e64543c47d8180e668a7c0daa4583e1020
              • Opcode Fuzzy Hash: 33774a77caf82434febb78eebe152eed8f64b47201d982d3e31dd222f5ebd373
              • Instruction Fuzzy Hash: 5F91B571D01618CFEB68DF6AC945B9EFBF2AF89310F10C0AAD409AB254DB354A85CF51
              Memory Dump Source
              • Source File: 00000001.00000002.4094250767.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6ac0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: babd0bdd8e7770ffbee99b260df63c7aa4c417bbfe3adceb6f1682b0f6c58c04
              • Instruction ID: 05f92f3a5503e59f4c52c5ecc0ce20c603c6939219b5d7d3e64ba7bdd74be794
              • Opcode Fuzzy Hash: babd0bdd8e7770ffbee99b260df63c7aa4c417bbfe3adceb6f1682b0f6c58c04
              • Instruction Fuzzy Hash: 3F81B174E412299FDBA5DF69D990BDDBBB2BF89304F1080EAD809A7254DB345E81CF40
              Memory Dump Source
              • Source File: 00000001.00000002.4094250767.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6ac0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 38803644b86261fcbe72ecfc1363c26ca98d6cc788561b3b87609b8b99ad76a9
              • Instruction ID: 6d47131180d8ad633aa4e2f021b93dd1fa64a5873c78fd7ac019535d2244ef30
              • Opcode Fuzzy Hash: 38803644b86261fcbe72ecfc1363c26ca98d6cc788561b3b87609b8b99ad76a9
              • Instruction Fuzzy Hash: 6A719571E016188FEB68DF6AC944B9EFAF2AF89300F14C0AAD40DA7254DB344A85CF51
              Memory Dump Source
              • Source File: 00000001.00000002.4094250767.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6ac0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 49bc9cad4eada113db1c76cad9a554d27e3e9bf847583642ac6f13a43d76f66f
              • Instruction ID: 0af789c191e9dde62c43c6f57cf5d324e89a0a1fd075fb74f8e3192e7afbe66b
              • Opcode Fuzzy Hash: 49bc9cad4eada113db1c76cad9a554d27e3e9bf847583642ac6f13a43d76f66f
              • Instruction Fuzzy Hash: 85718471E006288FEB68DF6AC944B9DFBF2AF89300F14C0AAD50DA7254DB745A85CF51
              Memory Dump Source
              • Source File: 00000001.00000002.4094250767.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6ac0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9943df99eed88538c0f6fdcff8e0aa46bdaafb841bc8d094d828f7c4ac3e77ea
              • Instruction ID: 9503abd0eaaa36eb56ea8f262a9e1876bee3e89703fe169b1a70ff960ec21d4c
              • Opcode Fuzzy Hash: 9943df99eed88538c0f6fdcff8e0aa46bdaafb841bc8d094d828f7c4ac3e77ea
              • Instruction Fuzzy Hash: AB51A8B1D016189FEB58CF6BC9057CAFAF3AFC9314F04C0AAD50CA6265DB740A868F51
              Memory Dump Source
              • Source File: 00000001.00000002.4094250767.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6ac0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9f951553319c7a1ecb4e6d1592965664b95d13d01bef620aee1c0add6e5f3d48
              • Instruction ID: 0bbf5db1942ddb8573832dbf0d4c7be380e6ea9a0d7ee109118f19ccd3fe595f
              • Opcode Fuzzy Hash: 9f951553319c7a1ecb4e6d1592965664b95d13d01bef620aee1c0add6e5f3d48
              • Instruction Fuzzy Hash: 0B519671E016189BEB58CF6BDC447DAFAF3AFC9310F04C0AAC50DA6264DB340A868F51
              Memory Dump Source
              • Source File: 00000001.00000002.4094250767.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6ac0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 81646f7ea120c99cedca683597c708e145025362a0e9a7d32665ded0e718d4bf
              • Instruction ID: f9f71216500aa6a2aa1c62e3dd227023ce1986af3db022da7c21c5b2e2084810
              • Opcode Fuzzy Hash: 81646f7ea120c99cedca683597c708e145025362a0e9a7d32665ded0e718d4bf
              • Instruction Fuzzy Hash: 1C4179B1D016189BEB58CF6BC9457DAFAF3AFC9310F14C1AAC50CA6264DB740A868F51
              Memory Dump Source
              • Source File: 00000001.00000002.4094250767.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6ac0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: de1b973ce380b4e2913a3ac3c0c3a0fa69b4f1a2904d7fbb1db28544434fb061
              • Instruction ID: 9ac0455b96b592cb7e54d7738d965a3d0c698810686e85f8a39b7c1314d462a2
              • Opcode Fuzzy Hash: de1b973ce380b4e2913a3ac3c0c3a0fa69b4f1a2904d7fbb1db28544434fb061
              • Instruction Fuzzy Hash: 9D41B1B0D012088BEB58DFAAD85479EBBB2BF88314F24D16AC418BB290DB755946CF54
              Memory Dump Source
              • Source File: 00000001.00000002.4094250767.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6ac0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: de70e74e35a23ef808c48cb0112f3b7bcb561ea2f6e60da2528e9cb3a1303565
              • Instruction ID: 99537fb88f03ab6b3e4762ccc4ccd376b9b8481c75d4d3d5cba0a99e4981284e
              • Opcode Fuzzy Hash: de70e74e35a23ef808c48cb0112f3b7bcb561ea2f6e60da2528e9cb3a1303565
              • Instruction Fuzzy Hash: 574167B1D016189BEB58CF6BC9457DAFAF3AFC8310F14C1AAD50CA6264DB740A868F51
              Memory Dump Source
              • Source File: 00000001.00000002.4094250767.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6ac0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 57bd7d1f2d65d3a1d907f04efb2295e5753ccbda66420c285375a262e3ced515
              • Instruction ID: 2999f87e068b08ebcacfce0862f011e6ce8327020713bff9a8ef36b65e5d864d
              • Opcode Fuzzy Hash: 57bd7d1f2d65d3a1d907f04efb2295e5753ccbda66420c285375a262e3ced515
              • Instruction Fuzzy Hash: D64169B1D016188FEB58CF6BC9457DAFAF3AFC9310F14C1AAC50CA6264DB740A868F51
              Memory Dump Source
              • Source File: 00000001.00000002.4094250767.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6ac0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3cbe566147fc566c754f711bbf2ddfc24cb488e492a7672e475ad8df6fd9e692
              • Instruction ID: fbe51ffa3791330b7eb853bde5d65e02ff18024f11a691b021a93054015d1a25
              • Opcode Fuzzy Hash: 3cbe566147fc566c754f711bbf2ddfc24cb488e492a7672e475ad8df6fd9e692
              • Instruction Fuzzy Hash: CA4169B1D016189BEB58DF6BCD457CAFAF3AFC8310F14C1AAD50CA6264DB740A858F51
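The Similarity records above carry three identifiers: Opcode ID and Instruction ID, which only ever match exactly, and the Instruction Fuzzy Hash, which is meant to be close for functions that are merely similar. The following is an added example, not Joe Sandbox code, that groups functions from this page by that fuzzy hash. Joe Sandbox does not document how the hash is built, so the comparison is an assumption: every hash on this page is 70 hex digits long and near-identical functions differ in only a few digits, so matching digits counted position by position are used as a proxy for the report's similarity measure. The five hashes are copied from this page; the labels are constructed as <memory dump base>:<first 8 hex digits of the Opcode ID>.

```python
"""Cluster functions from this report by Instruction Fuzzy Hash.

Added example, not Joe Sandbox code. ASSUMPTION: a positional digit-by-digit
comparison of the 70-digit Instruction Fuzzy Hash approximates the report's
"Similarity"; the real algorithm is undocumented. Hashes are copied from this page;
labels are constructed as <dump base>:<first 8 hex digits of the Opcode ID>.
"""
from itertools import combinations

HASHES = {
    "13d0000:4ea59f03": "7281D375E10218CFDB18DFAAD894A9DBBF2FF89314F149069E409AB365DB349981CF10",
    "13d0000:57caadfb": "3381E5B5E00218CFDB14DFA9D984A9DBBF2BF89304F14D069E809AB355DB349985CF11",
    "13d0000:96a7b385": "5181C375E00218CFDB18DFAAD984A9DBBF2BF89314F14D069E409AB365DB349981CF11",
    "6ac0000:19ebf5d8": "01A1A270E012188FEB68DF6AC945B9DFAF2AF89310F14C0AAD409B7250DB355A85CF51",
    "6ac0000:f5a8636c": "46A1A274E012188FEB68DF6AC944B9DFBF2AF89310F14D0AAD409AB250DB345A85CF50",
}


def nibble_matches(h1, h2):
    """Number of hex digits that agree position by position (equal-length hashes only)."""
    if len(h1) != len(h2):
        raise ValueError("positional comparison needs equal-length hashes")
    return sum(a == b for a, b in zip(h1.lower(), h2.lower()))


def similarity(h1, h2):
    """Fraction of agreeing digits; 1.0 for identical hashes."""
    return nibble_matches(h1, h2) / len(h1)


def cluster(hashes, threshold=0.70):
    """Single-linkage clusters via union-find: any pair at or above threshold joins."""
    parent = {k: k for k in hashes}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]      # path halving
            x = parent[x]
        return x

    for a, b in combinations(hashes, 2):
        if similarity(hashes[a], hashes[b]) >= threshold:
            parent[find(a)] = find(b)
    groups = {}
    for k in hashes:
        groups.setdefault(find(k), []).append(k)
    return sorted(sorted(g) for g in groups.values())


def nearest(hashes, label):
    """Closest other function to `label`, as (other label, similarity)."""
    best = max((k for k in hashes if k != label),
               key=lambda k: similarity(hashes[label], hashes[k]))
    return best, similarity(hashes[label], hashes[best])


if __name__ == "__main__":
    for group in cluster(HASHES):
        print(group)
    print(nearest(HASHES, "13d0000:4ea59f03"))
```

At a 0.70 threshold the three 13d0000 functions (all sharing the "PH^q$PH^q" String ID) fall into one cluster and the two 6ac0000 functions into another; the closest cross-cluster pair agrees on fewer than half of its digits. The threshold is a tuning choice, not something the report specifies, and a positional metric breaks down for hashes of different lengths, which is why nibble_matches refuses them rather than padding.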

              Control-flow Graph

              control_flow_graph 0 13d6e58-13d6e8d 1 13d72bc-13d72c0 0->1 2 13d6e93-13d6eb6 0->2 3 13d72d9-13d72e7 1->3 4 13d72c2-13d72d6 1->4 11 13d6ebc-13d6ec9 2->11 12 13d6f64-13d6f68 2->12 9 13d72e9-13d72fe 3->9 10 13d7358-13d736d 3->10 17 13d7305-13d7312 9->17 18 13d7300-13d7303 9->18 19 13d736f-13d7372 10->19 20 13d7374-13d7381 10->20 28 13d6ed8 11->28 29 13d6ecb-13d6ed6 11->29 15 13d6f6a-13d6f78 12->15 16 13d6fb0-13d6fb9 12->16 15->16 36 13d6f7a-13d6f95 15->36 21 13d73cf 16->21 22 13d6fbf-13d6fc9 16->22 24 13d7314-13d7355 17->24 18->24 25 13d7383-13d73be 19->25 20->25 30 13d73d4-13d7404 21->30 22->1 26 13d6fcf-13d6fd8 22->26 78 13d73c5-13d73cc 25->78 34 13d6fda-13d6fdf 26->34 35 13d6fe7-13d6ff3 26->35 31 13d6eda-13d6edc 28->31 29->31 63 13d741d-13d7424 30->63 64 13d7406-13d741c 30->64 31->12 38 13d6ee2-13d6f44 31->38 34->35 35->30 41 13d6ff9-13d6fff 35->41 59 13d6f97-13d6fa1 36->59 60 13d6fa3 36->60 87 13d6f4a-13d6f61 38->87 88 13d6f46 38->88 43 13d7005-13d7015 41->43 44 13d72a6-13d72aa 41->44 57 13d7029-13d702b 43->57 58 13d7017-13d7027 43->58 44->21 48 13d72b0-13d72b6 44->48 48->1 48->26 61 13d702e-13d7034 57->61 58->61 62 13d6fa5-13d6fa7 59->62 60->62 61->44 67 13d703a-13d7049 61->67 62->16 68 13d6fa9 62->68 72 13d704f 67->72 73 13d70f7-13d7122 call 13d6ca0 * 2 67->73 68->16 76 13d7052-13d7063 72->76 91 13d720c-13d7226 73->91 92 13d7128-13d712c 73->92 76->30 80 13d7069-13d707b 76->80 80->30 82 13d7081-13d7099 80->82 145 13d709b call 13d7438 82->145 146 13d709b call 13d7428 82->146 86 13d70a1-13d70b1 86->44 90 13d70b7-13d70ba 86->90 87->12 88->87 93 13d70bc-13d70c2 90->93 94 13d70c4-13d70c7 90->94 91->1 114 13d722c-13d7230 91->114 92->44 96 13d7132-13d7136 92->96 93->94 97 13d70cd-13d70d0 93->97 94->21 94->97 99 13d715e-13d7164 96->99 100 13d7138-13d7145 96->100 101 13d70d8-13d70db 97->101 102 13d70d2-13d70d6 97->102 104 13d719f-13d71a5 99->104 105 13d7166-13d716a 99->105 117 13d7154 100->117 118 13d7147-13d7152 100->118 101->21 103 13d70e1-13d70e5 101->103 102->101 102->103 103->21 106 13d70eb-13d70f1 103->106 108 13d71a7-13d71ab 104->108 109 13d71b1-13d71b7 104->109 105->104 107 13d716c-13d7175 105->107 106->73 106->76 112 13d7184-13d719a 107->112 113 13d7177-13d717c 107->113 108->78 108->109 115 13d71b9-13d71bd 109->115 116 13d71c3-13d71c5 109->116 112->44 113->112 122 13d726c-13d7270 114->122 123 13d7232-13d723c call 13d5b50 114->123 115->44 115->116 119 13d71fa-13d71fc 116->119 120 13d71c7-13d71d0 116->120 121 13d7156-13d7158 117->121 118->121 119->44 127 13d7202-13d7209 119->127 125 13d71df-13d71f5 120->125 126 13d71d2-13d71d7 120->126 121->44 121->99 122->78 129 13d7276-13d727a 122->129 123->122 133 13d723e-13d7253 123->133 125->44 126->125 129->78 132 13d7280-13d728d 129->132 136 13d729c 132->136 137 13d728f-13d729a 132->137 133->122 142 13d7255-13d726a 133->142 139 13d729e-13d72a0 136->139 137->139 139->44 139->78 142->1 142->122 145->86 146->86
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: (o^q$(o^q$(o^q$(o^q$(o^q$(o^q$,bq$,bq
              • API String ID: 0-1932283790
              • Opcode ID: 0f948071cde0db1b9e2314645d7feaeee3dd2c387041fbbbbc20e6efae65369b
              • Instruction ID: 37c091a07c5afe239f6b186f9ecdbcdecf0fe65643c4e2f3ac2e9f9b78bcd161
              • Opcode Fuzzy Hash: 0f948071cde0db1b9e2314645d7feaeee3dd2c387041fbbbbc20e6efae65369b
              • Instruction Fuzzy Hash: A3126D71A002598FCB15CF69E884A9EBBF2FF48319F148559E919DB3A1DB30ED41CB50

              Control-flow Graph

              control_flow_graph 1126 13d87e9-13d8805 1127 13d8807-13d880c 1126->1127 1128 13d8811-13d881d 1126->1128 1129 13d8ba6-13d8bab 1127->1129 1131 13d882d-13d8832 1128->1131 1132 13d881f-13d8821 1128->1132 1131->1129 1133 13d8829-13d882b 1132->1133 1133->1131 1134 13d8837-13d8843 1133->1134 1136 13d8845-13d8851 1134->1136 1137 13d8853-13d8858 1134->1137 1136->1137 1139 13d885d-13d8868 1136->1139 1137->1129 1141 13d886e-13d8879 1139->1141 1142 13d8912-13d891d 1139->1142 1147 13d888f 1141->1147 1148 13d887b-13d888d 1141->1148 1145 13d89c0-13d89cc 1142->1145 1146 13d8923-13d8932 1142->1146 1155 13d89dc-13d89ee 1145->1155 1156 13d89ce-13d89da 1145->1156 1157 13d8934-13d893e 1146->1157 1158 13d8943-13d8952 1146->1158 1149 13d8894-13d8896 1147->1149 1148->1149 1150 13d8898-13d88a7 1149->1150 1151 13d88b6-13d88bb 1149->1151 1150->1151 1161 13d88a9-13d88b4 1150->1161 1151->1129 1174 13d89f0-13d89fc 1155->1174 1175 13d8a12-13d8a17 1155->1175 1156->1155 1167 13d8a1c-13d8a27 1156->1167 1157->1129 1165 13d8954-13d8960 1158->1165 1166 13d8976-13d897f 1158->1166 1161->1151 1172 13d88c0-13d88c9 1161->1172 1176 13d896c-13d8971 1165->1176 1177 13d8962-13d8967 1165->1177 1180 13d8995 1166->1180 1181 13d8981-13d8993 1166->1181 1178 13d8a2d-13d8a36 1167->1178 1179 13d8b09-13d8b14 1167->1179 1189 13d88cb-13d88d0 1172->1189 1190 13d88d5-13d88e4 1172->1190 1186 13d89fe-13d8a03 1174->1186 1187 13d8a08-13d8a0d 1174->1187 1175->1129 1176->1129 1177->1129 1195 13d8a4c 1178->1195 1196 13d8a38-13d8a4a 1178->1196 1193 13d8b3e-13d8b4d 1179->1193 1194 13d8b16-13d8b20 1179->1194 1184 13d899a-13d899c 1180->1184 1181->1184 1184->1145 1192 13d899e-13d89aa 1184->1192 1186->1129 1187->1129 1189->1129 1207 13d8908-13d890d 1190->1207 1208 13d88e6-13d88f2 1190->1208 1200 13d89ac-13d89b1 1192->1200 1201 13d89b6-13d89bb 1192->1201 1212 13d8b4f-13d8b5e 1193->1212 1213 13d8ba1 1193->1213 1210 13d8b37-13d8b3c 1194->1210 1211 13d8b22-13d8b2e 1194->1211 1198 13d8a51-13d8a53 1195->1198 1196->1198 1205 13d8a55-13d8a61 1198->1205 1206 13d8a63 1198->1206 1200->1129 1201->1129 1209 13d8a68-13d8a6a 1205->1209 1206->1209 1207->1129 1218 13d88fe-13d8903 1208->1218 1219 13d88f4-13d88f9 1208->1219 1216 13d8a6c-13d8a71 1209->1216 1217 13d8a76-13d8a89 1209->1217 1210->1129 1223 13d8b30-13d8b35 1211->1223 1212->1213 1224 13d8b60-13d8b78 1212->1224 1213->1129 1216->1129 1225 13d8a8b 1217->1225 1226 13d8ac1-13d8acb 1217->1226 1218->1129 1219->1129 1223->1129 1235 13d8b9a-13d8b9f 1224->1235 1236 13d8b7a-13d8b98 1224->1236 1228 13d8a8e-13d8a9f call 13d8258 1225->1228 1232 13d8acd-13d8ad9 call 13d8258 1226->1232 1233 13d8aea-13d8af6 1226->1233 1238 13d8aa6-13d8aab 1228->1238 1239 13d8aa1-13d8aa4 1228->1239 1244 13d8adb-13d8ade 1232->1244 1245 13d8ae0-13d8ae5 1232->1245 1246 13d8aff 1233->1246 1247 13d8af8-13d8afd 1233->1247 1235->1129 1236->1129 1238->1129 1239->1238 1242 13d8ab0-13d8ab3 1239->1242 1248 13d8bac-13d8bc0 1242->1248 1249 13d8ab9-13d8abf 1242->1249 1244->1233 1244->1245 1245->1129 1250 13d8b04 1246->1250 1247->1250 1253 13d8c12-13d8c19 1248->1253 1254 13d8bc2-13d8bc3 1248->1254 1249->1226 1249->1228 1250->1129 1257 13d8c4e-13d8c60 1253->1257 1258 13d8c1b-13d8c2a 1253->1258 1254->1253 1261 13d8d5f 1257->1261 1262 13d8c66-13d8c74 1257->1262 1258->1257 1263 13d8c2c-13d8c42 1258->1263 1264 13d8d61-13d8d65 1261->1264 1267 13d8c76-13d8c7b 1262->1267 1268 13d8c80-13d8c83 1262->1268 1263->1257 1273 13d8c44-13d8c49 1263->1273 1267->1264 1269 13d8c89-13d8c8c 1268->1269 1270 13d8d66-13d8d96 call 13d8378 1268->1270 1269->1262 1272 13d8c8e 1269->1272 1278 13d8dad-13d8db1 1270->1278 1279 13d8d98-13d8dac 1270->1279 1272->1261 1273->1264
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: 4'^q$4'^q$;^q
              • API String ID: 0-799016360
              • Opcode ID: 614cbda0481f076189d6b11db469388f63f74a45424e6572dccb5a26bef81e73
              • Instruction ID: a6536e2f40940cfc652deeb328ab56aea5e856bdd3b2961d8c681c4ea29bc3ad
              • Opcode Fuzzy Hash: 614cbda0481f076189d6b11db469388f63f74a45424e6572dccb5a26bef81e73
              • Instruction Fuzzy Hash: 59B195B23101058FEB159B2DE959B793B99FF85608F1444EAE206CF3B1EA65EC42C742

              Control-flow Graph

              • Graph rendering not reproduced; the node/edge dump covered basic blocks 13d77f0-13d8373, with a call to 13d87e9
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: $^q$$^q
              • API String ID: 0-355816377
              • Opcode ID: 13a17f6661ed682a46c00f2fe4eb42b93fef810398ee158e37e6e070e086c26d
              • Instruction ID: 45b49752ecea5c4f5219ae8206ef9a2cef656415a10e5b80e4f39bac14d99395
              • Opcode Fuzzy Hash: 13a17f6661ed682a46c00f2fe4eb42b93fef810398ee158e37e6e070e086c26d
              • Instruction Fuzzy Hash: 2F525674A00219CFEB55DBA8C860BAEBBB2FF84345F1081A9C50A6B3A4DF345D85DF51

              Control-flow Graph

              • Graph rendering not reproduced; the node/edge dump covered basic blocks 13d56a8-13d5a5c, with calls to 13d56a8, 13d5698, 13d6108, 13d5a70, 13da70d, 13da650, 6ac25e8, 6ac23e0 and 6ac23d1
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: Hbq$Hbq
              • API String ID: 0-4258043069
              • Opcode ID: 63c570278fec4ad084cead2f239d4512770e43128110b38b48215fd2d62e0ed2
              • Instruction ID: a0d6eaac3110a07ffb91206f5c80ac95909dde787fafce936e767c667799ee83
              • Opcode Fuzzy Hash: 63c570278fec4ad084cead2f239d4512770e43128110b38b48215fd2d62e0ed2
              • Instruction Fuzzy Hash: C8B1BD327042548FDB269F7DE894B2A7BB6BF88318F158529E906CB391DB74C841CB91

              Control-flow Graph

              • Graph rendering not reproduced; the node/edge dump covered basic blocks 6ac23e0-6ac2669, with calls to 6ac2190 and 6ac2670
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4094250767.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6ac0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: LR^q$LR^q
              • API String ID: 0-4089051495
              • Opcode ID: c49cac92a635df3bd35aaffad87cc669722b73bb6d07b75774a30de1fb83b6b9
              • Instruction ID: e8f08665bb3b45ae9e857b93c26d29d1625edc78e8ce5720fdad1e17b2aed954
              • Opcode Fuzzy Hash: c49cac92a635df3bd35aaffad87cc669722b73bb6d07b75774a30de1fb83b6b9
              • Instruction Fuzzy Hash: C381A034B101068FCB48EF78C854A6E77F6EF88654B1581ADE506DB3A5DB34DD02CBA1

              Control-flow Graph

              • Graph rendering not reproduced; the node/edge dump covered basic blocks 13d5c08-13d5ea6, with no calls
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: ,bq$,bq
              • API String ID: 0-2699258169
              • Opcode ID: c7ad8ade19901fce5076f2813c31d94a9bdb93122e685d530e88b51a5db48fd2
              • Instruction ID: 7d8262703dd36c1d1f76b74cb37ed891b89f2316701ffdc02442e74dabb45c44
              • Opcode Fuzzy Hash: c7ad8ade19901fce5076f2813c31d94a9bdb93122e685d530e88b51a5db48fd2
              • Instruction Fuzzy Hash: 9A81A232A001058FDB14DF6DD888AAABBF6FF89219B148569D509DB361DB31EC41CB60

              Control-flow Graph

              • Graph rendering not reproduced; the node/edge dump covered basic blocks 6ac9510-6ac97ba, with calls to 6ac9350, 6ac96f0, 6ac9500, 6ac9510, 6ac91c4 and 6ac91dc
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4094250767.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6ac0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: (&^q$(bq
              • API String ID: 0-1294341849
              • Opcode ID: 83912fbb63f4e10ec3352e66a3ed65bdd839a29ca84cca6a996062764d309b12
              • Instruction ID: 84c6e672bbec60d2715f56d839e22a4e2431b7652e536f946dd8acf56c07b1f1
              • Opcode Fuzzy Hash: 83912fbb63f4e10ec3352e66a3ed65bdd839a29ca84cca6a996062764d309b12
              • Instruction Fuzzy Hash: 6E718231F006195BDB55EFB9C850AAEBBB2BFC8750F148429D406AB380DF349D46CB91
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: Xbq$Xbq
              • API String ID: 0-1243427068
              • Opcode ID: 499992d476215068d167270bd483c2f87ddb3fb1a4089a2597fe102d7aa9048b
              • Instruction ID: 2dadd358aa718159b3dfbc7f6b3b9b66c7d6166635006c8db7676d76b8380979
              • Opcode Fuzzy Hash: 499992d476215068d167270bd483c2f87ddb3fb1a4089a2597fe102d7aa9048b
              • Instruction Fuzzy Hash: D731E8F7B003198BDF1D5A7E699427E65EABBC4259F144439E906D3380DFB8CC408792
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: LR^q
              • API String ID: 0-2625958711
              • Opcode ID: 70698151ee6620c8464f05be007e0fc15c1c3b0fb112dad9f1548bf19dc3e6ff
              • Instruction ID: c1091a0ccba6ea0d8bc6ad37e251d66eed06be12226c571859b378f4a5f43f16
              • Opcode Fuzzy Hash: 70698151ee6620c8464f05be007e0fc15c1c3b0fb112dad9f1548bf19dc3e6ff
              • Instruction Fuzzy Hash: BD22A974A0021ACFCB65DF65E998A9DBBB1FF48301F1085B9D809A7368DB386D85CF41
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: LR^q
              • API String ID: 0-2625958711
              • Opcode ID: e17929134a68c4ed991631d7ad6c226bc1a7e723444bf3b1d1e106eef29b1982
              • Instruction ID: 25af4494041850d0d7c4531b1c2826b1fd7703ea29d24567348146bdcfd5a39f
              • Opcode Fuzzy Hash: e17929134a68c4ed991631d7ad6c226bc1a7e723444bf3b1d1e106eef29b1982
              • Instruction Fuzzy Hash: 48229974A0021ACFCB65DF65E998A9DBBB1FF48301F1085B9D809A7368DB386D85CF41
              APIs
              • LdrInitializeThunk.NTDLL(00000000), ref: 05BE82B6
              Memory Dump Source
              • Source File: 00000001.00000002.4093787065.0000000005BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05BE0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_5be0000_RegSvcs.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0
              • Opcode ID: 00826e14772586d46c8462a47fa3471691cda8776180c44dfbec3002775dcd6b
              • Instruction ID: 46d41a3585621c507769f0a93d3f327247fb018a862b49f6db30e257d16ee923
              • Opcode Fuzzy Hash: 00826e14772586d46c8462a47fa3471691cda8776180c44dfbec3002775dcd6b
              • Instruction Fuzzy Hash: CE112674E029099FDB04DBA8D594ABDBBF5FB88304F1882A5F804AB256D735AD41CB60
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: (o^q
              • API String ID: 0-74704288
              • Opcode ID: d3e5911cc249145d58f71af25a0180326ded6cf4e0a294410dc1c486d510b232
              • Instruction ID: 20d29c34a2599d5046f1d6a3ae6952acffa74ff444f62bb689b448012891f536
              • Opcode Fuzzy Hash: d3e5911cc249145d58f71af25a0180326ded6cf4e0a294410dc1c486d510b232
              • Instruction Fuzzy Hash: 2141E536B002088FCB159F79D954AAE7BF6BFC8711F248469D916D73A1CE348C02CB90
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 59b139d4dc3c8696eb30574fc6d2e414c57d64a2a587c8aba14ce791abb80104
              • Instruction ID: e7dd9eaabfb1d5df2b8c7a42eeeaebd8c1e29c74efb4dd996de44f5402096a70
              • Opcode Fuzzy Hash: 59b139d4dc3c8696eb30574fc6d2e414c57d64a2a587c8aba14ce791abb80104
              • Instruction Fuzzy Hash: 4EF13F76A002158FCB05CFADDA84A9DBBF6FF88314B1A8459E515EB361CB35EC42CB50
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b6efe4af75a6e00182c1436056232ee7558a422e277a5198c19c4200d3aeb7f1
              • Instruction ID: 1971f463aa8d188d0a652bb99ae5da1b054caf76060add3364c84a8f5176007a
              • Opcode Fuzzy Hash: b6efe4af75a6e00182c1436056232ee7558a422e277a5198c19c4200d3aeb7f1
              • Instruction Fuzzy Hash: 57714936700245CFDB26DF2DD888A697BE6AF49218F5900A9E906CB3B1DB30DC41CB91
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 96e2d7633402b0fc9152a29e16d7fe70b475eda8913fd400de141325df08b7a3
              • Instruction ID: 6f753975e96bb652d8547ba85faf549f83a1ee34e3c34b40315a97954151fe76
              • Opcode Fuzzy Hash: 96e2d7633402b0fc9152a29e16d7fe70b475eda8913fd400de141325df08b7a3
              • Instruction Fuzzy Hash: 5251BF309213428FC3263FE6A6AC16ABFA8FB4F367B45AD64E00E85479CB705049CB11
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5a6a1ebfcd2ea447d73d34ba5f4f9e8076d18d2afc0262207620146c6af99c31
              • Instruction ID: a77553667689bcf9fca2afd30ec0f33aec488164b3776f83af4e84bd77b06867
              • Opcode Fuzzy Hash: 5a6a1ebfcd2ea447d73d34ba5f4f9e8076d18d2afc0262207620146c6af99c31
              • Instruction Fuzzy Hash: CE518E349613078FC3663FE6A6AC16ABFA8FB4F367B41AD24E10E8146D8B705449DB11
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c16ecfbdeddb7c56defea3da4ab9a4e35c3464290bbe71d4d32bccd1910b118c
              • Instruction ID: 366899e9ad8d3b301b18c674a42ae9f91e362af491218ca5ec5ec1d45d54f69c
              • Opcode Fuzzy Hash: c16ecfbdeddb7c56defea3da4ab9a4e35c3464290bbe71d4d32bccd1910b118c
              • Instruction Fuzzy Hash: 26510374D01218DFDB15DFA5D854AAEBBB2FF48305F608529D809BB394DB389985CF40
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f2b861a0c833155897b2d22c645ad06f8464d00881a029399584084f4724a744
              • Instruction ID: f94b26c882b3ad2b9e39a173b9cb645c3507b8164a01e9e2e5cc3f39943cb4ed
              • Opcode Fuzzy Hash: f2b861a0c833155897b2d22c645ad06f8464d00881a029399584084f4724a744
              • Instruction Fuzzy Hash: F6519374E01218DFDB58DFA9D58499DBBF2FF89300F248169E809AB364DB30A945CF50
              Memory Dump Source
              • Source File: 00000001.00000002.4094250767.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6ac0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 693c28e16253ab9b02d5befa0f84711295fb5dcded676c8c630842013e0552d9
              • Instruction ID: 162a3994b539c84526d8501a50d239b4a4aec6759dbbe8c0a4219b8587c199dd
              • Opcode Fuzzy Hash: 693c28e16253ab9b02d5befa0f84711295fb5dcded676c8c630842013e0552d9
              • Instruction Fuzzy Hash: 3B412C31902319CFDB14AFB4D45C7EE7BB5EB8A356F108839D106662A4CB781A44CFA5
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c54470344f30b1deddd41356c5f4042fad64ded6ece22273fbd596cc5a4e0e6f
              • Instruction ID: 84002bd7d879e68b60d36c24950e7e1b71725d08b49e9baee39d1d6b76e0af81
              • Opcode Fuzzy Hash: c54470344f30b1deddd41356c5f4042fad64ded6ece22273fbd596cc5a4e0e6f
              • Instruction Fuzzy Hash: F2519375E01208CFCB48DFA9E49499DBBB2FF89304F209069E809AB364DB35AD45CF51
              Memory Dump Source
              • Source File: 00000001.00000002.4094250767.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6ac0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: baf85e9a7361dea3381410eb5114a8e3274c3d7ea5937a37d4d4687fe5576f2a
              • Instruction ID: 7994bcac2b90ffcc96fb5a2f537a7ce9ad0a4268413f801529e82048987b6934
              • Opcode Fuzzy Hash: baf85e9a7361dea3381410eb5114a8e3274c3d7ea5937a37d4d4687fe5576f2a
              • Instruction Fuzzy Hash: E751E275D01209DFDB54EFA9D5846EEBBF2FB88314F20802AD819B7294D7385A46CF50
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a474a00e36fddb85e711ed1b9e6830b4496c0e71286fb9ba9c6943f9d8152162
              • Instruction ID: 6eb8383d74c1f7f241a0de6507966ed49c88c5279bccb4ba3da1f10b08007b16
              • Opcode Fuzzy Hash: a474a00e36fddb85e711ed1b9e6830b4496c0e71286fb9ba9c6943f9d8152162
              • Instruction Fuzzy Hash: A741CF32A00249DFDF12CFA9E844B9DBFB6EF4931CF048555E915AB2A1D334E950CBA1
              Memory Dump Source
              • Source File: 00000001.00000002.4094250767.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6ac0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d8f0fc59c665b590866e5d3bb0c3d6966b680b43c6d10d7c04ff83613fcbe3d3
              • Instruction ID: cdc2306b9bd913730fbd5451ba2c582444dc676e0202cbc43f297d9095d19036
              • Opcode Fuzzy Hash: d8f0fc59c665b590866e5d3bb0c3d6966b680b43c6d10d7c04ff83613fcbe3d3
              • Instruction Fuzzy Hash: B6417E32E006099BDF54DFA5C880ADFBBF5BF88710F148129E415BB280EB70A946CB91
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b277524763df4b4da02c42ba4d37fdf644e60231644000d8ad2653108e2c199f
              • Instruction ID: 9f7da0fddb1886929592d912626a7a32a28a4d084c3c4b6ddd6207d4bd78ad4a
              • Opcode Fuzzy Hash: b277524763df4b4da02c42ba4d37fdf644e60231644000d8ad2653108e2c199f
              • Instruction Fuzzy Hash: 34410572A00208DFCF11CF69D905BAA7BF6FB44318F05846AE825DB251DB78DD45CB91
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 042f26f27a7c6ba130ed6c53bde0d23baf253499ac9c99618e0e7ec3c839384d
              • Instruction ID: 7f605ef77158000122eced25d5f2b4453ccbfbac0755f8dc65d690c71e8850c9
              • Opcode Fuzzy Hash: 042f26f27a7c6ba130ed6c53bde0d23baf253499ac9c99618e0e7ec3c839384d
              • Instruction Fuzzy Hash: 6E418572D01208CFCB15CFE8E4846ECBBB6FF49309F619169D41AAB295D7389842CF50
              Memory Dump Source
              • Source File: 00000001.00000002.4094250767.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6ac0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4bd6eb160655f8a0c0db7a2089c21df21bf8d0b128999ac63d278380740276c2
              • Instruction ID: 5ff03287624a6c64cb3fcf441b5701fcc9ad8e69be8164104ed480206f6be81d
              • Opcode Fuzzy Hash: 4bd6eb160655f8a0c0db7a2089c21df21bf8d0b128999ac63d278380740276c2
              • Instruction Fuzzy Hash: 2141D174E01208DFDB54EFA9D5846EEBBF2EF88304F10802AD809B7294DB385A46CF50
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fa014c6079eecf7852452f0a42ba8f1734b9915eea9d0e0984517086feb7a481
              • Instruction ID: eae5a4b5ac7ed6c6d8546a24e78f9d1c5d25ac5769b0130ee5aeaafbb25af837
              • Opcode Fuzzy Hash: fa014c6079eecf7852452f0a42ba8f1734b9915eea9d0e0984517086feb7a481
              • Instruction Fuzzy Hash: 37413072D01208CFCB11DFE8E4846EDBBB6FB49319F219169E409AB294D7389882CF50
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 30e54931048c3ff8899aa4f198501778b71440af496c6ab29af2570e74587d52
              • Instruction ID: 35d88deacebe641b3474acb2b97a0e52bc6a4a3bc627f9396d4b1064f0a34010
              • Opcode Fuzzy Hash: 30e54931048c3ff8899aa4f198501778b71440af496c6ab29af2570e74587d52
              • Instruction Fuzzy Hash: 6E412471D01208CBDB04DFAAE444AEEFBB6BB89309F55D129D408BB294DB359845CF94
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3764106861759f08a6275b40da12385f6455a7402313977b5b035de8c8fdc307
              • Instruction ID: ac3730f41c8104f0bd4df46622c80de2e15d37031c2b2adaafaa37d991c8aa99
              • Opcode Fuzzy Hash: 3764106861759f08a6275b40da12385f6455a7402313977b5b035de8c8fdc307
              • Instruction Fuzzy Hash: 8E31C57130420AAFCF169F69E454AAF3BA6FF48358F104425F909876A1CB38DC61CBD0
              Memory Dump Source
              • Source File: 00000001.00000002.4094250767.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6ac0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3b20806d00f865046eb10ce7d5cddb94a3b46ac58b4f3c7420b7dd2833581b6c
              • Instruction ID: c9d4a2a9c82def94b89d7074cd286e316e92dd6a3a791d81ed7404c13485edb3
              • Opcode Fuzzy Hash: 3b20806d00f865046eb10ce7d5cddb94a3b46ac58b4f3c7420b7dd2833581b6c
              • Instruction Fuzzy Hash: 67314931C01209DFDB14AFB4D45C7EE7BB5EB8A31AF008839D5166A2A0CB781A45CF91
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d52bac356ec4b1dc8cf88b1bbea2eec83b1948ae5c64314d7964020fbcb60ae4
              • Instruction ID: e740d11eb42c26a8b736e6125340caa945f4af8ef1d8e464133069316ff72d90
              • Opcode Fuzzy Hash: d52bac356ec4b1dc8cf88b1bbea2eec83b1948ae5c64314d7964020fbcb60ae4
              • Instruction Fuzzy Hash: 4921F53A30020447EB26163AE854A3E369BAFC4B1CF154879D90ACB795EE35CC42D3C1
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8a70ef7cbe6b594ea83ae3964644e84e75f53127e069d08b7bd02f9763495be7
              • Instruction ID: e6236337ba8193370abf6c00f0099130ea346494bbf9ec8b1ad9ef9c886d32bc
              • Opcode Fuzzy Hash: 8a70ef7cbe6b594ea83ae3964644e84e75f53127e069d08b7bd02f9763495be7
              • Instruction Fuzzy Hash: B731E572A002098FCB04DF6DD984AAEBBF6FF84764B258519E515D73A1CB34DC42CB90
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f12700f2cf4ae56b1489f94ad5939c734c320f65711d35115dec3f8a2c494f90
              • Instruction ID: e7e74d3eccaff927fcd8fd3983b7c6b4e9292f29ebeedf8defc5117d8ce8cc2c
              • Opcode Fuzzy Hash: f12700f2cf4ae56b1489f94ad5939c734c320f65711d35115dec3f8a2c494f90
              • Instruction Fuzzy Hash: 6821AC72E002088BDB08DFAAE8046EEBBFAEBC9314F54D435C504BB2A4DB7485498A50
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b6d9db6f794461e74fb519d3f92f89ef6eb0e12281bdc5a3fa63f3a83b6d7347
              • Instruction ID: e28d9ee925fc29a907cb8fd80562c68aa75af102a66049a905aac13f4c73305f
              • Opcode Fuzzy Hash: b6d9db6f794461e74fb519d3f92f89ef6eb0e12281bdc5a3fa63f3a83b6d7347
              • Instruction Fuzzy Hash: 0821B076A001059FCB14DF38D4409AF77AAEB99258F10C06DE84A9B240DA39EE42CBD2
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: abacc8a798dac072106d80923fdb07e99de224e9122eb24fd7cfed94fb3dfdf4
              • Instruction ID: e004a1748d4250f889fe5607ef63908b37e407a5115330df603ea4b866fd8ca2
              • Opcode Fuzzy Hash: abacc8a798dac072106d80923fdb07e99de224e9122eb24fd7cfed94fb3dfdf4
              • Instruction Fuzzy Hash: DC21F6367016218FE3269B29E49492EB7A6FB84759B154179E906DB354CF34DC02CBC1
              Memory Dump Source
              • Source File: 00000001.00000002.4087981056.000000000136D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0136D000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_136d000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b6432941771e95748bca271df20955bfc37504bf39447bb50bfd28fc9dd2dcc8
              • Instruction ID: 95c6e97e59b75fb61778e27d244cff1ecccdcaccac29576aed76fc1ee07bd288
              • Opcode Fuzzy Hash: b6432941771e95748bca271df20955bfc37504bf39447bb50bfd28fc9dd2dcc8
              • Instruction Fuzzy Hash: 322125B1604204EFCB11CF58C9C4B26BBA9FB84318F20C96DE88A4B34AC736D446CA61
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fa07e3a9d053cda880fe736d0f5e2d81d8df6ef0fb273fae79d3cbe9a8477bd2
              • Instruction ID: 7a5bcb01ac957b3629e217ed9f0ad8e8a4ae91105b950a0066b4c13f2f88930a
              • Opcode Fuzzy Hash: fa07e3a9d053cda880fe736d0f5e2d81d8df6ef0fb273fae79d3cbe9a8477bd2
              • Instruction Fuzzy Hash: EA119532E043495FCB0197B8AC104DFBF34FF89214B15C797D556B7091E5351806C391
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 580fb89e4670eb0f2d7fe264cfd6c9bb2f7eb55995615823764374122b7ff653
              • Instruction ID: d86fa990f6a176af5eed413f296a3a562bde4bac4f54fbd9300345a6ad619ed3
              • Opcode Fuzzy Hash: 580fb89e4670eb0f2d7fe264cfd6c9bb2f7eb55995615823764374122b7ff653
              • Instruction Fuzzy Hash: 9D21D572208209AFCB169F69E454B6B3BA6FB44718F104435F9098B691CB38DC51CBE0
              Memory Dump Source
              • Source File: 00000001.00000002.4094250767.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6ac0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cb38af36f56a5823b7932d7b15fc427372c54ae8ccfb76001f85f9f992e5854d
              • Instruction ID: 6c3b37f6a114294ed942ff680d4c080a7402fdc3b4f15eb81aa774278e6885f0
              • Opcode Fuzzy Hash: cb38af36f56a5823b7932d7b15fc427372c54ae8ccfb76001f85f9f992e5854d
              • Instruction Fuzzy Hash: E11101367042A45FCB469FBC586456E3FA3EFC93507444469D906DB381CF384D02C792
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 056c3e1ddd84cf8e2475988f33bd0ced2e1f54b9bca2db2dee6ac73524e2d02d
              • Instruction ID: 7212028f96497c8f93082327f582065ee62c635a147c4bc6554c7be819dca7d2
              • Opcode Fuzzy Hash: 056c3e1ddd84cf8e2475988f33bd0ced2e1f54b9bca2db2dee6ac73524e2d02d
              • Instruction Fuzzy Hash: D2115B72D006088BDB09CFEBE8056EDBBF6EBC9314F58D025D418B72A5DB7485468FA4
              Memory Dump Source
              • Source File: 00000001.00000002.4094250767.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6ac0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cfc9fe9061bb0dc4486b5c73b09bcca6e9a28da8d4956a10406f4efd1cccc8a8
              • Instruction ID: a29d315c4d0af08dbf94f61d6317734231e51ad3ac275406fa373110a44398a2
              • Opcode Fuzzy Hash: cfc9fe9061bb0dc4486b5c73b09bcca6e9a28da8d4956a10406f4efd1cccc8a8
              • Instruction Fuzzy Hash: 1C1104307042548FD7051B7E58546BBBAEBBFDA321B14847BE546C3296CE388C068370
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 114fc34af5b3c1070062366f47bbf025e06198006bcfdb0f663965a0d88bea54
              • Instruction ID: 098d503b6e09f81d08cd8fd7ef6c38343119fd69bcb0b8a5f680e9ce071fee0e
              • Opcode Fuzzy Hash: 114fc34af5b3c1070062366f47bbf025e06198006bcfdb0f663965a0d88bea54
              • Instruction Fuzzy Hash: 1F213D70D002099FDB45EFB9D54069EBFF2FB44305F10C9BAD018AB354EB785A858B81
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 52b208b01277e02a20108dd1217fdc235a7bfbcd868797d5f1ae5302ec96ef82
              • Instruction ID: f9bf59f9a32e15a9540f0312b39d12877be8847141b88a6fbb3645c46ae1fdd7
              • Opcode Fuzzy Hash: 52b208b01277e02a20108dd1217fdc235a7bfbcd868797d5f1ae5302ec96ef82
              • Instruction Fuzzy Hash: 8E2114B5C0060A8FCB01EFA9DA456EEBBF5FF49300F10916AD805B2214EB305A45CBA1
              Memory Dump Source
              • Source File: 00000001.00000002.4094250767.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6ac0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4220a4b04b98719d3438b9b2da1245fee3c6459920e560b3b0f1314f97112cf5
              • Instruction ID: 55173e777c22fbaa10316aaf2e8835efb9279c692e7b586d902d2fd016147bcf
              • Opcode Fuzzy Hash: 4220a4b04b98719d3438b9b2da1245fee3c6459920e560b3b0f1314f97112cf5
              • Instruction Fuzzy Hash: 1111A175A102118FC790EF7CE508A9E7BF4EF886257100069E80ADB322DB35CD058FA0
              Memory Dump Source
              • Source File: 00000001.00000002.4094250767.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6ac0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9a0b077835f0374054c70bd410ef2246a5e9d7f55107b1c6a2e77df532270107
              • Instruction ID: 70ca847384ebb58de3a705e46f6ca01b2dd00b6114eeb6e18f9c57fa049761c6
              • Opcode Fuzzy Hash: 9a0b077835f0374054c70bd410ef2246a5e9d7f55107b1c6a2e77df532270107
              • Instruction Fuzzy Hash: 961153B2800349DFCB10DF99C844BEEBFF4EB48320F108419EA18A7211C339A954DFA5
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fdf83bfd2e051d667f9e15a1b5a219b672aa2f1450e71dfcd6ed27dae7f73d69
              • Instruction ID: f9f36085b7013cb3d76daedc2dde41d746e72250455a86b52920833309a8a9d6
              • Opcode Fuzzy Hash: fdf83bfd2e051d667f9e15a1b5a219b672aa2f1450e71dfcd6ed27dae7f73d69
              • Instruction Fuzzy Hash: 8E113A70D002099FDB45EFB9D580A9EBFF2FB44305F00C5BAD018AB254EB345A858B81
              Memory Dump Source
              • Source File: 00000001.00000002.4094250767.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6ac0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1dcc4cecc0bd5cfe151fd798afe35746cfd079bf0573e15f5237142c170e8325
              • Instruction ID: efa7f17d11b2a0bb86f1dfb7a2e2ffc7f810553c36f199f42d26df7dff42b2ef
              • Opcode Fuzzy Hash: 1dcc4cecc0bd5cfe151fd798afe35746cfd079bf0573e15f5237142c170e8325
              • Instruction Fuzzy Hash: F3112E34E011498FEB00DFE8D860BAEBFF2BF49325F019065E808AB348E635D9418B91
              Memory Dump Source
              • Source File: 00000001.00000002.4094250767.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6ac0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: aff8d0a5680688d5912e245cf90063ecdb5a0778b039ac4f0ba2b145ce5d5e46
              • Instruction ID: 0cdf974848231ba2b8aa9a2441e59bcf47e022194b17615e24a8171d94a58e29
              • Opcode Fuzzy Hash: aff8d0a5680688d5912e245cf90063ecdb5a0778b039ac4f0ba2b145ce5d5e46
              • Instruction Fuzzy Hash: 6A1164B6800249DFCB10DF99C945BDEBFF4EB48320F14841AE628A7250C339A554DFA0
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d483b0540e75c2df144f975c9a8c7729fb1c9cddac033d9881e0cc5f92c0d6fa
              • Instruction ID: 224febba4f57b4b7f41ad9cbf9f4b05a4c0da8fed6a26be55545a4f79c2f08fb
              • Opcode Fuzzy Hash: d483b0540e75c2df144f975c9a8c7729fb1c9cddac033d9881e0cc5f92c0d6fa
              • Instruction Fuzzy Hash: 6B01FE327042056FCB038E69A810ADE7BB7DFD9760B298066F505D7290CA758C0287A1
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: eeef9d43a17bee71e70efb0400681feb7feea5bf03343bf58211fcec3a345fd0
              • Instruction ID: 7100768a5abbbfa2d18360d7d739ddcd2aa88436836076f9a881445caa7b8e0a
              • Opcode Fuzzy Hash: eeef9d43a17bee71e70efb0400681feb7feea5bf03343bf58211fcec3a345fd0
              • Instruction Fuzzy Hash: C02147B5C0460A8FCB12EFA8D5485EEBFF0BF4A314F1442AAD545B7264EB301A85CB91
              Memory Dump Source
              • Source File: 00000001.00000002.4087981056.000000000136D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0136D000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_136d000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
              • Instruction ID: b219de3c22684e17e4f71bd39700bb33b1bf5da659f8d6845a95bf98fd982f0a
              • Opcode Fuzzy Hash: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
              • Instruction Fuzzy Hash: 9811BB75604284CFDB12CF54C9C4B15BFA2FB84328F24C6A9D8894B296C33AD44ACB62
              Memory Dump Source
              • Source File: 00000001.00000002.4094250767.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6ac0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d06517085260ce7fe0493d3044e21f1861e57d0b2c410f37220e85a5acf4f14b
              • Instruction ID: 15e6c5629d97760c41ab344c62730f5d044258e07372b3be2f20c425c9c4059d
              • Opcode Fuzzy Hash: d06517085260ce7fe0493d3044e21f1861e57d0b2c410f37220e85a5acf4f14b
              • Instruction Fuzzy Hash: 5301F670E002198FCF44EFB9C8006AEBBF5EF88210F10816AD419E7250E7385A018BA1
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9a26604e241d9d96008efe2d633c0459fbf728016020ad3426aab35f1c4b31aa
              • Instruction ID: dcd4d1636783174bc60797c01102dc23192d198a95ac4e1e36e5cee19d4118d7
              • Opcode Fuzzy Hash: 9a26604e241d9d96008efe2d633c0459fbf728016020ad3426aab35f1c4b31aa
              • Instruction Fuzzy Hash: 90E06832D88209ABD7009A99FC1A3FAB7FCE78A324F40A434D100F3294DF79A0158B90
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 032d08c8cb56f4d44c8b5723bee3a03f55b517c7b7e04bbad30f938427c26e18
              • Instruction ID: 688c365914cd2e4e011014bbdc54c64a27b443e638419efad6ae7aa334ebd997
              • Opcode Fuzzy Hash: 032d08c8cb56f4d44c8b5723bee3a03f55b517c7b7e04bbad30f938427c26e18
              • Instruction Fuzzy Hash: DAF03A71E11225CFCB84EFBCD44456E77F4AF0821472144A9D40DDB361EB30D9018BD1
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: cf1520e6a3e9e7e44759705eeef8984ac5514499359f8678d2c2f6bf8a6dfee6
              • Instruction ID: b6a2d0c536cfaf771bfb993ddaff4f881457f9cdeca08a68ee6c15ff29a325bb
              • Opcode Fuzzy Hash: cf1520e6a3e9e7e44759705eeef8984ac5514499359f8678d2c2f6bf8a6dfee6
              • Instruction Fuzzy Hash: 33E06831C003048BCB50CEACF4182FEB7F8EBC6310F009879C104B2160CBB440098B40
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 9be1f7f79bad42942f3640677c27acbb8cf27f4a7ea20515742a8d9ec8e84513
              • Instruction ID: f97f9841356765eb808b2f4692ed3a6ee1956167689bb2c38befeba370903ae0
              • Opcode Fuzzy Hash: 9be1f7f79bad42942f3640677c27acbb8cf27f4a7ea20515742a8d9ec8e84513
              • Instruction Fuzzy Hash: 85E0D893C09140DBD3114BEA74160B4BF74DEE73157846097D089A75A5D6249116D701
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 48537b51ba2591a02624479c3c1c50ea3e3a71b757b84f8edca90b28bf2dd787
              • Instruction ID: a88e8d934ae9aa702c3a7182746c3e4c8fcb80ad76b716f7d62c7319c3457886
              • Opcode Fuzzy Hash: 48537b51ba2591a02624479c3c1c50ea3e3a71b757b84f8edca90b28bf2dd787
              • Instruction Fuzzy Hash: 00E08636D1122B63CB00EAB5DD55ADFB73CEF92654F444522E46432141FF70665A82E2
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 00afce953213093c65a595b1605859e4a3af8f43571f214f4b26b216e442512a
              • Instruction ID: 38500f3bade9f6392afe9a83f925e0f025d31839c3fe1b8d4446b912d8b1d3f2
              • Opcode Fuzzy Hash: 00afce953213093c65a595b1605859e4a3af8f43571f214f4b26b216e442512a
              • Instruction Fuzzy Hash: 72D01231D2022A578B00AAA5DC044EEB738EE95665B504626D55437140EB70665986A2
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
              • Instruction ID: 50a526704099d5eb7b7192dc2cf45fdae629a86e0146b3a391aea53ba68e20a2
              • Opcode Fuzzy Hash: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
              • Instruction Fuzzy Hash: E0C08C3720D1282AE736108F7C41EB3BB8CC3C13F8A2501B7F91CE3200A842AC8001F8
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e85868c2613386ae278639cb1e75f79e83d853bdcf04275e63e1890f7bb1fc4a
              • Instruction ID: 6ae07b4bb8360dc98066de947872e8f3786d30a1cb9076d47c9515e9eb4b92f5
              • Opcode Fuzzy Hash: e85868c2613386ae278639cb1e75f79e83d853bdcf04275e63e1890f7bb1fc4a
              • Instruction Fuzzy Hash: 82D0173BB000089FCB008F98E8408DDB7B6FB9C221B008016E911A3260C6319821CB50
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 15ff380434056cfa5c358c089c0f6ff682b0b26ac9a93a6d55ff87ef9f9b421f
              • Instruction ID: d7455d92c5b3be3859875b5238e4c31edab54a0d88725fe72d50c8845a5168db
              • Opcode Fuzzy Hash: 15ff380434056cfa5c358c089c0f6ff682b0b26ac9a93a6d55ff87ef9f9b421f
              • Instruction Fuzzy Hash: 76D02B705083424FC726F734E9654593B75FBD1306F2045A5EC054701AD97C1CCA8B10
              Memory Dump Source
              • Source File: 00000001.00000002.4089542518.00000000013D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013D0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_13d0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3a694880e975d8c3a8ba4752fc78f559bc1b955d50aee7db5946e9b929a3ce8f
              • Instruction ID: 41089d763e0d9d1bf27c49c83f373df34d57eb5ac78aa72efc87c5598c489f94
              • Opcode Fuzzy Hash: 3a694880e975d8c3a8ba4752fc78f559bc1b955d50aee7db5946e9b929a3ce8f
              • Instruction Fuzzy Hash: DDC0127010431A4BC655FB75EA55955376AF7D0306F504920B50D07119DE7C2DC44790
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4094250767.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6ac0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: "$Hbq$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q
              • API String ID: 0-2450740202
              • Opcode ID: 22e7575f0f37d4187123ef4dcfb1283a7c420b4c38de4cd934493bc36f88bd32
              • Instruction ID: 5871210906493cdc6ff4d5dc756ed276a2c928a45fedf816883c030b1c887fb7
              • Opcode Fuzzy Hash: 22e7575f0f37d4187123ef4dcfb1283a7c420b4c38de4cd934493bc36f88bd32
              • Instruction Fuzzy Hash: 3F12C2B4E012188FDB68DF69C954B9DBBF2BF89304F2080A9D909AB351DB355E85CF50
              Strings
              Memory Dump Source
              • Source File: 00000001.00000002.4094250767.0000000006AC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AC0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_1_2_6ac0000_RegSvcs.jbxd
              Similarity
              • API ID:
              • String ID: "$Hbq$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q$PH^q
              • API String ID: 0-2450740202
              • Opcode ID: 22a8f61972dc0892a9072243fe9edefbcb323d475b188129a047104d84d7decd
              • Instruction ID: 5b8c678a421a3730c1cf16447172d5cc246ff98e08c4852a1fcccbd7ca99d62b
              • Opcode Fuzzy Hash: 22a8f61972dc0892a9072243fe9edefbcb323d475b188129a047104d84d7decd
              • Instruction Fuzzy Hash: 5812B1B4E012188FDB68DF69C954B9DBBF2BF89300F2080A9D909AB351DB355E85CF50
              Strings
              Memory Dump Source
              Similarity
              • API ID:
              • String ID: \;^q$\;^q$\;^q$\;^q
              • API String ID: 0-3001612457
              • Opcode ID: ff58841eafd58d1a58deccab7fdb67d614b936f2295adb0e8c3e6fc72e96e9b4
              • Instruction ID: 96efcf5185b3f483ac9b6ddd93f69076aeefb1d9b74f272752f56b63fe829434
              • Opcode Fuzzy Hash: ff58841eafd58d1a58deccab7fdb67d614b936f2295adb0e8c3e6fc72e96e9b4
              • Instruction Fuzzy Hash: B601B1B27180189FCB248E2CD44592577FBBF88B69315417AE612CB3B1DA71DC418740