Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe

Overview

General Information

Sample name:SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe
Analysis ID:1499605
MD5:4b94b989b0fe7bec6311153b309dfe81
SHA1:bb50a4bb8a66f0105c5b74f32cd114c672010b22
SHA256:7c4283f5e620b2506bcb273f947def4435d95e143ae3067a783fd3adc873a659
Tags:exe
Infos:

Detection

Score:88
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Yara detected Powershell download and execute
.NET source code contains potential unpacker
AI detected suspicious sample
Connects to a pastebin service (likely for C&C)
Machine Learning detection for sample
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if the current process is being debugged
Contains long sleeps (>= 3 min)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
One or more processes crash
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe (PID: 7484 cmdline: "C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe" MD5: 4B94B989B0FE7BEC6311153B309DFE81)
    • conhost.exe (PID: 7492 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • WerFault.exe (PID: 7804 cmdline: C:\Windows\system32\WerFault.exe -u -p 7484 -s 2172 MD5: FD27D9F6D02763BDE32511B5DF7FF7A0)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
\Device\ConDrvJoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    Process Memory Space: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe PID: 7484JoeSecurity_PowershellDownloadAndExecuteYara detected Powershell download and executeJoe Security

      Sigma Signatures

      No Sigma rule has matched

      Suricata Signatures

      No Suricata rule has matched

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Antivirus detection for URL or domain
      Source: https://getsolara.dev/asset/discord.jsonAvira URL Cloud: Label: phishing
      Source: http://getsolara.devAvira URL Cloud: Label: phishing
      Source: https://getsolara.devAvira URL Cloud: Label: phishing
      Source: https://getsolara.dev/api/endpoint.jsonAvira URL Cloud: Label: phishing
      Source: https://getsolara.dev/api/endpoint.jsonChttps://pastebin.com/raw/ZESVzSgKAvira URL Cloud: Label: phishing
      Source: https://4c206720.solaraweb-alj.pages.dev/download/static/files/Bootstrapper.exeAvira URL Cloud: Label: malware
      Multi AV Scanner detection for domain / URL
      Source: getsolara.devVirustotal: Detection: 11%Perma Link
      Source: https://getsolara.dev/asset/discord.jsonVirustotal: Detection: 9%Perma Link
      Source: http://getsolara.devVirustotal: Detection: 11%Perma Link
      Source: https://getsolara.dev/api/endpoint.jsonVirustotal: Detection: 9%Perma Link
      Source: https://getsolara.devVirustotal: Detection: 11%Perma Link
      Source: https://getsolara.dev/api/endpoint.jsonChttps://pastebin.com/raw/ZESVzSgKVirustotal: Detection: 10%Perma Link
      Multi AV Scanner detection for submitted file
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeReversingLabs: Detection: 65%
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeVirustotal: Detection: 77%Perma Link
      AI detected suspicious sample
      Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
      Machine Learning detection for sample
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeJoe Sandbox ML: detected
      Source: unknownHTTPS traffic detected: 172.67.203.125:443 -> 192.168.2.4:49730 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.20.3.235:443 -> 192.168.2.4:49732 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 128.116.123.3:443 -> 192.168.2.4:49733 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.20.23.46:443 -> 192.168.2.4:49734 version: TLS 1.2
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: Binary string: .pdb| source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1991550564.0000027CC0BF8000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: System.Runtime.Serialization.ni.pdb source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.Data.pdb source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.Core.pdbP source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.Xml.ni.pdb source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.Runtime.Serialization.ni.pdbRSDSg@h source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.ni.pdbRSDS source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.pdbN|2h|2 Z|2_CorDllMainmscoree.dll source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA867E000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: System.Configuration.pdb source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.Numerics.pdbq source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.Configuration.ni.pdb source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: mscorlib.ni.pdbRSDS7^3l source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.Configuration.pdb source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.Data.ni.pdb source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.Data.ni.pdbRSDSC source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: \??\C:\Windows\System.pdb source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1991550564.0000027CC0BF8000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: System.Xml.pdb source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.pdb source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA867E000.00000004.00000800.00020000.00000000.sdmp, WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.Xml.ni.pdbRSDS# source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.Core.ni.pdb source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.Numerics.ni.pdbRSDSautg source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.Data.pdbH source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.Numerics.ni.pdb source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: mscorlib.pdb source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: mscorlib.ni.pdb source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.Core.pdb source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.Runtime.Serialization.pdb source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.Runtime.Serialization.pdbMZ source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.Configuration.ni.pdbRSDScUN source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.Numerics.pdb source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.ni.pdb source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.Core.ni.pdbRSDS source: WER2E60.tmp.dmp.5.dr

      Networking

      barindex
      Connects to a pastebin service (likely for C&C)
      Source: unknownDNS query: name: pastebin.com
      Source: global trafficHTTP traffic detected: GET /asset/discord.json HTTP/1.1Host: getsolara.devConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /raw/ZESVzSgK HTTP/1.1Host: pastebin.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /v2/client-version/WindowsPlayer/channel/live HTTP/1.1Host: clientsettings.roblox.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /dist/v18.16.0/node-v18.16.0-x64.msi HTTP/1.1Host: www.nodejs.orgConnection: Keep-Alive
      Source: Joe Sandbox ViewIP Address: 104.20.3.235 104.20.3.235
      Source: Joe Sandbox ViewIP Address: 104.20.3.235 104.20.3.235
      Source: Joe Sandbox ViewIP Address: 128.116.123.3 128.116.123.3
      Source: Joe Sandbox ViewIP Address: 104.20.23.46 104.20.23.46
      Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
      Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global trafficHTTP traffic detected: GET /asset/discord.json HTTP/1.1Host: getsolara.devConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /raw/ZESVzSgK HTTP/1.1Host: pastebin.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /v2/client-version/WindowsPlayer/channel/live HTTP/1.1Host: clientsettings.roblox.comConnection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /dist/v18.16.0/node-v18.16.0-x64.msi HTTP/1.1Host: www.nodejs.orgConnection: Keep-Alive
      Source: global trafficDNS traffic detected: DNS query: getsolara.dev
      Source: global trafficDNS traffic detected: DNS query: pastebin.com
      Source: global trafficDNS traffic detected: DNS query: clientsettings.roblox.com
      Source: global trafficDNS traffic detected: DNS query: www.nodejs.org
      Source: global trafficDNS traffic detected: DNS query: nodejs.org
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA8492000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:6463
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA83A1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA8492000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:6463/rpc?v=1
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA8492000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:64632y
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA8533000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://clientsettings.roblox.com
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA8533000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edge-term4-fra2.roblox.com
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA8449000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://getsolara.dev
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeString found in binary or memory: http://james.newtonking.com/projects/json
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA8533000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://nodejs.org
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA84AB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://pastebin.com
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA83A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
      Source: Amcache.hve.5.drString found in binary or memory: http://upx.sf.net
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA8533000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.nodejs.org
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA8533000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA8465000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://4c206720.solaraweb-alj.pages.dev/download/static/files/Bootstrapper.exe
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeString found in binary or memory: https://aka.ms/vs/17/release/vc_redist.x64.exe
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA8533000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA8465000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://c6ff8eb7.solaraweb-alj.pages.dev/download/static/files/Solara.Dir.zip
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA8533000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clientsettings.roblox.com
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA8533000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA8465000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/live
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA83A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://discord.com
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeString found in binary or memory: https://discord.com;http://127.0.0.1:6463/rpc?v=11
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA843E000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA83A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getsolara.dev
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA84AB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getsolara.dev/api/endpoint.json
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeString found in binary or memory: https://getsolara.dev/api/endpoint.jsonChttps://pastebin.com/raw/ZESVzSgK
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeString found in binary or memory: https://getsolara.dev/asset/discord.json
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA84AB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA850E000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA8533000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ncs.roblox.com/upload
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA8533000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA850A000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA84AB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA8533000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msi
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA84AB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pastebin.com
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA84AB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://pastebin.com/raw/ZESVzSgK
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeString found in binary or memory: https://www.newtonsoft.com/jsonschema
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA8533000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.nodejs.org
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeString found in binary or memory: https://www.nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msi
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeString found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
      Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49733
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
      Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
      Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
      Source: unknownHTTPS traffic detected: 172.67.203.125:443 -> 192.168.2.4:49730 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.20.3.235:443 -> 192.168.2.4:49732 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 128.116.123.3:443 -> 192.168.2.4:49733 version: TLS 1.2
      Source: unknownHTTPS traffic detected: 104.20.23.46:443 -> 192.168.2.4:49734 version: TLS 1.2
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeCode function: 0_2_00007FFD9B8959700_2_00007FFD9B895970
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeCode function: 0_2_00007FFD9B8A210D0_2_00007FFD9B8A210D
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeCode function: 0_2_00007FFD9B8968500_2_00007FFD9B896850
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeCode function: 0_2_00007FFD9B8A6F300_2_00007FFD9B8A6F30
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeCode function: 0_2_00007FFD9B893DF80_2_00007FFD9B893DF8
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7484 -s 2172
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000000.1759560954.0000027CA665A000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameSolaraBootstrapper.exeF vs SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeBinary or memory string: OriginalFilenameSolaraBootstrapper.exeF vs SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe
      Source: classification engineClassification label: mal88.troj.evad.winEXE@3/7@5/5
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeFile created: C:\Users\user\Desktop\DISCORDJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeMutant created: NULL
      Source: C:\Windows\System32\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7484
      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7492:120:WilError_03
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeFile created: C:\Users\user\AppData\Local\Temp\node-v18.16.0-x64.msiJump to behavior
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeStatic file information: TRID: Win64 Executable Console Net Framework (206006/5) 46.24%
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeReversingLabs: Detection: 65%
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeVirustotal: Detection: 77%
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeString found in binary or memory: chttps://go.microsoft.com/fwlink/p/?LinkId=2124703=MicrosoftEdgeWebview2Setup.exe!/silent /installQWebView2 runtime installed successfully.GError installing WebView2 runtime: iSOFTWARE\Microsoft\VisualStudio\14.0\VC\Runtimes\X64
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeString found in binary or memory: Installed#vc_redist.x64.exe5/install /quiet /norestart
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeFile read: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeJump to behavior
      Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe "C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe"
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess created: C:\Windows\System32\WerFault.exe C:\Windows\system32\WerFault.exe -u -p 7484 -s 2172
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeSection loaded: mscoree.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeSection loaded: apphelp.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeSection loaded: kernel.appcore.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeSection loaded: version.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeSection loaded: windows.storage.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeSection loaded: wldp.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeSection loaded: profapi.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeSection loaded: cryptsp.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeSection loaded: rsaenh.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeSection loaded: cryptbase.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeSection loaded: rasapi32.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeSection loaded: rasman.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeSection loaded: rtutils.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeSection loaded: mswsock.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeSection loaded: winhttp.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeSection loaded: iphlpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeSection loaded: dhcpcsvc6.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeSection loaded: dhcpcsvc.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeSection loaded: dnsapi.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeSection loaded: winnsi.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeSection loaded: rasadhlp.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeSection loaded: fwpuclnt.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeSection loaded: secur32.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeSection loaded: sspicli.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeSection loaded: schannel.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeSection loaded: mskeyprotect.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeSection loaded: ntasn1.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeSection loaded: ncrypt.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeSection loaded: ncryptsslp.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeSection loaded: msasn1.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeSection loaded: gpapi.dllJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dllJump to behavior
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
      Source: Binary string: .pdb| source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1991550564.0000027CC0BF8000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: System.Runtime.Serialization.ni.pdb source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.Data.pdb source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.Core.pdbP source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.Xml.ni.pdb source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.Runtime.Serialization.ni.pdbRSDSg@h source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.ni.pdbRSDS source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.pdbN|2h|2 Z|2_CorDllMainmscoree.dll source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA867E000.00000004.00000800.00020000.00000000.sdmp
      Source: Binary string: System.Configuration.pdb source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.Numerics.pdbq source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.Configuration.ni.pdb source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: mscorlib.ni.pdbRSDS7^3l source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.Configuration.pdb source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.Data.ni.pdb source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.Data.ni.pdbRSDSC source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: \??\C:\Windows\System.pdb source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1991550564.0000027CC0BF8000.00000004.00000020.00020000.00000000.sdmp
      Source: Binary string: System.Xml.pdb source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.pdb source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA867E000.00000004.00000800.00020000.00000000.sdmp, WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.Xml.ni.pdbRSDS# source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.Core.ni.pdb source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.Numerics.ni.pdbRSDSautg source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.Data.pdbH source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.Numerics.ni.pdb source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: mscorlib.pdb source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: mscorlib.ni.pdb source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.Core.pdb source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.Runtime.Serialization.pdb source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.Runtime.Serialization.pdbMZ source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.Configuration.ni.pdbRSDScUN source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.Numerics.pdb source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.ni.pdb source: WER2E60.tmp.dmp.5.dr
      Source: Binary string: System.Core.ni.pdbRSDS source: WER2E60.tmp.dmp.5.dr

      Data Obfuscation

      barindex
      .NET source code contains potential unpacker
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, DynamicUtils.cs.Net Code: CreateSharpArgumentInfoArray
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, LateBoundReflectionDelegateFactory.cs.Net Code: CreateDefaultConstructor
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeCode function: 0_2_00007FFD9B89619E push es; ret 0_2_00007FFD9B896227
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeCode function: 0_2_00007FFD9B898120 push ebx; ret 0_2_00007FFD9B89816A
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeCode function: 0_2_00007FFD9B8900BD pushad ; iretd 0_2_00007FFD9B8900C1
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\System32\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeMemory allocated: 27CA6980000 memory reserve | memory write watchJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeMemory allocated: 27CC03A0000 memory reserve | memory write watchJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 600000Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 599797Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 599625Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 599515Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 599406Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 599295Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 599179Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 599078Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 598969Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 598844Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 598734Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 598625Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 598515Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 598406Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 598297Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 598187Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 598078Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 597968Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 597859Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 597749Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 597640Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 597531Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 597408Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 597109Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 596984Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 596875Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 596765Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 596656Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 596547Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 596435Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 596327Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 596219Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 596094Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 595983Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 595875Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 595765Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 595656Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 595547Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 595437Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 595328Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 595219Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 595094Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 594981Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 594874Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 594422Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 594275Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 594156Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 581479Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeWindow / User API: threadDelayed 2374Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeWindow / User API: threadDelayed 7038Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -26747778906878833s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -600000s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -599797s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -599625s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -599515s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -599406s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -599295s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -599179s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -599078s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -598969s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -598844s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -598734s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -598625s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -598515s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -598406s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -598297s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -598187s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -598078s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -597968s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -597859s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -597749s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -597640s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -597531s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -597408s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -597109s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -596984s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -596875s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -596765s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -596656s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -596547s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -596435s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -596327s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -596219s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -596094s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -595983s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -595875s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -595765s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -595656s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -595547s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -595437s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -595328s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -595219s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -595094s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -594981s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -594874s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -594422s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -594275s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -594156s >= -30000sJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe TID: 7640Thread sleep time: -581479s >= -30000sJump to behavior
      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 600000Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 599797Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 599625Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 599515Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 599406Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 599295Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 599179Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 599078Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 598969Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 598844Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 598734Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 598625Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 598515Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 598406Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 598297Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 598187Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 598078Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 597968Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 597859Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 597749Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 597640Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 597531Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 597408Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 597109Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 596984Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 596875Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 596765Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 596656Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 596547Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 596435Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 596327Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 596219Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 596094Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 595983Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 595875Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 595765Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 595656Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 595547Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 595437Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 595328Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 595219Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 595094Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 594981Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 594874Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 594422Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 594275Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 594156Jump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeThread delayed: delay time: 581479Jump to behavior
      Source: Amcache.hve.5.drBinary or memory string: VMware
      Source: Amcache.hve.5.drBinary or memory string: VMware Virtual USB Mouse
      Source: Amcache.hve.5.drBinary or memory string: vmci.syshbin
      Source: Amcache.hve.5.drBinary or memory string: VMware, Inc.
      Source: Amcache.hve.5.drBinary or memory string: VMware20,1hbin@
      Source: Amcache.hve.5.drBinary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
      Source: Amcache.hve.5.drBinary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
      Source: Amcache.hve.5.drBinary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
      Source: Amcache.hve.5.drBinary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
      Source: Amcache.hve.5.drBinary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
      Source: Amcache.hve.5.drBinary or memory string: c:/windows/system32/drivers/vmci.sys
      Source: Amcache.hve.5.drBinary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
      Source: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990318126.0000027CA6839000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
      Source: Amcache.hve.5.drBinary or memory string: vmci.sys
      Source: Amcache.hve.5.drBinary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
      Source: Amcache.hve.5.drBinary or memory string: vmci.syshbin`
      Source: Amcache.hve.5.drBinary or memory string: \driver\vmci,\driver\pci
      Source: Amcache.hve.5.drBinary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
      Source: Amcache.hve.5.drBinary or memory string: VMware20,1
      Source: Amcache.hve.5.drBinary or memory string: Microsoft Hyper-V Generation Counter
      Source: Amcache.hve.5.drBinary or memory string: NECVMWar VMware SATA CD00
      Source: Amcache.hve.5.drBinary or memory string: VMware Virtual disk SCSI Disk Device
      Source: Amcache.hve.5.drBinary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
      Source: Amcache.hve.5.drBinary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
      Source: Amcache.hve.5.drBinary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
      Source: Amcache.hve.5.drBinary or memory string: VMware PCI VMCI Bus Device
      Source: Amcache.hve.5.drBinary or memory string: VMware VMCI Bus Device
      Source: Amcache.hve.5.drBinary or memory string: VMware Virtual RAM
      Source: Amcache.hve.5.drBinary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
      Source: Amcache.hve.5.drBinary or memory string: vmci.inf_amd64_68ed49469341f563
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess information queried: ProcessInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess queried: DebugPortJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess queried: DebugPortJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeMemory allocated: page read and write | page guardJump to behavior

      HIPS / PFW / Operating System Protection Evasion

      barindex
      Yara detected Powershell download and execute
      Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe PID: 7484, type: MEMORYSTR
      Source: Yara matchFile source: \Device\ConDrv, type: DROPPED
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
      Source: Amcache.hve.5.drBinary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
      Source: Amcache.hve.5.drBinary or memory string: msmpeng.exe
      Source: Amcache.hve.5.drBinary or memory string: c:\program files\windows defender\msmpeng.exe
      Source: Amcache.hve.5.drBinary or memory string: MsMpEng.exe

      Mitre Att&ck Matrix

      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
      Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
      Command and Scripting Interpreter      		1
      DLL Side-Loading      		1
      Process Injection      		1
      Masquerading      		OS Credential Dumping1
      Query Registry      		Remote Services1
      Archive Collected Data      		1
      Web Service      		Exfiltration Over Other Network MediumAbuse Accessibility Features
      CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
      DLL Side-Loading      		1
      Disable or Modify Tools      		LSASS Memory21
      Security Software Discovery      		Remote Desktop ProtocolData from Removable Media11
      Encrypted Channel      		Exfiltration Over BluetoothNetwork Denial of Service
      Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)41
      Virtualization/Sandbox Evasion      		Security Account Manager1
      Process Discovery      		SMB/Windows Admin SharesData from Network Shared Drive1
      Ingress Tool Transfer      		Automated ExfiltrationData Encrypted for Impact
      Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
      Process Injection      		NTDS41
      Virtualization/Sandbox Evasion      		Distributed Component Object ModelInput Capture2
      Non-Application Layer Protocol      		Traffic DuplicationData Destruction
      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
      Obfuscated Files or Information      		LSA Secrets1
      Application Window Discovery      		SSHKeylogging3
      Application Layer Protocol      		Scheduled TransferData Encrypted for Impact
      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
      Software Packing      		Cached Domain Credentials12
      System Information Discovery      		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
      DLL Side-Loading      		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe66%ReversingLabsWin32.Trojan.Generic
      SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe77%VirustotalBrowse
      SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe100%Joe Sandbox ML

      Dropped Files

      No Antivirus matches

      Unpacked PE Files

      No Antivirus matches

      Domains

      SourceDetectionScannerLabelLink
      nodejs.org0%VirustotalBrowse
      getsolara.dev11%VirustotalBrowse
      edge-term4-fra2.roblox.com0%VirustotalBrowse
      www.nodejs.org0%VirustotalBrowse
      pastebin.com0%VirustotalBrowse
      clientsettings.roblox.com0%VirustotalBrowse

      URLs

      SourceDetectionScannerLabelLink
      http://upx.sf.net0%URL Reputationsafe
      http://james.newtonking.com/projects/json0%URL Reputationsafe
      https://www.newtonsoft.com/jsonschema0%URL Reputationsafe
      https://www.nuget.org/packages/Newtonsoft.Json.Bson0%URL Reputationsafe
      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
      https://nodejs.org0%Avira URL Cloudsafe
      http://127.0.0.1:64630%Avira URL Cloudsafe
      http://127.0.0.1:64631%VirustotalBrowse
      http://127.0.0.1:64632y0%Avira URL Cloudsafe
      http://www.nodejs.org0%Avira URL Cloudsafe
      https://discord.com0%Avira URL Cloudsafe
      http://www.nodejs.org0%VirustotalBrowse
      https://discord.com0%VirustotalBrowse
      https://nodejs.org0%VirustotalBrowse
      https://ncs.roblox.com/upload0%Avira URL Cloudsafe
      https://www.nodejs.org0%Avira URL Cloudsafe
      https://getsolara.dev/asset/discord.json100%Avira URL Cloudphishing
      http://getsolara.dev100%Avira URL Cloudphishing
      https://discord.com;http://127.0.0.1:6463/rpc?v=110%Avira URL Cloudsafe
      https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/live0%Avira URL Cloudsafe
      https://aka.ms/vs/17/release/vc_redist.x64.exe0%Avira URL Cloudsafe
      https://c6ff8eb7.solaraweb-alj.pages.dev/download/static/files/Solara.Dir.zip0%Avira URL Cloudsafe
      https://www.nodejs.org0%VirustotalBrowse
      https://getsolara.dev/asset/discord.json9%VirustotalBrowse
      https://ncs.roblox.com/upload0%VirustotalBrowse
      https://getsolara.dev100%Avira URL Cloudphishing
      http://getsolara.dev11%VirustotalBrowse
      https://pastebin.com/raw/ZESVzSgK0%Avira URL Cloudsafe
      https://getsolara.dev/api/endpoint.json100%Avira URL Cloudphishing
      https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/live0%VirustotalBrowse
      https://www.nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msi0%Avira URL Cloudsafe
      https://getsolara.dev/api/endpoint.jsonChttps://pastebin.com/raw/ZESVzSgK100%Avira URL Cloudphishing
      https://getsolara.dev/api/endpoint.json9%VirustotalBrowse
      https://4c206720.solaraweb-alj.pages.dev/download/static/files/Bootstrapper.exe100%Avira URL Cloudmalware
      https://aka.ms/vs/17/release/vc_redist.x64.exe0%VirustotalBrowse
      https://getsolara.dev11%VirustotalBrowse
      https://pastebin.com/raw/ZESVzSgK1%VirustotalBrowse
      http://nodejs.org0%Avira URL Cloudsafe
      http://127.0.0.1:6463/rpc?v=10%Avira URL Cloudsafe
      http://clientsettings.roblox.com0%Avira URL Cloudsafe
      https://4c206720.solaraweb-alj.pages.dev/download/static/files/Bootstrapper.exe3%VirustotalBrowse
      https://getsolara.dev/api/endpoint.jsonChttps://pastebin.com/raw/ZESVzSgK10%VirustotalBrowse
      http://pastebin.com0%Avira URL Cloudsafe
      https://nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msi0%Avira URL Cloudsafe
      http://clientsettings.roblox.com0%VirustotalBrowse
      http://nodejs.org0%VirustotalBrowse
      https://pastebin.com0%Avira URL Cloudsafe
      http://127.0.0.1:6463/rpc?v=10%VirustotalBrowse
      https://clientsettings.roblox.com0%Avira URL Cloudsafe
      http://pastebin.com0%VirustotalBrowse
      https://c6ff8eb7.solaraweb-alj.pages.dev/download/static/files/Solara.Dir.zip4%VirustotalBrowse
      http://edge-term4-fra2.roblox.com0%Avira URL Cloudsafe
      https://www.nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msi0%VirustotalBrowse
      https://pastebin.com0%VirustotalBrowse
      http://edge-term4-fra2.roblox.com0%VirustotalBrowse
      https://nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msi0%VirustotalBrowse
      https://clientsettings.roblox.com0%VirustotalBrowse

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      nodejs.org
      		104.20.22.46
      		truefalseunknown
      getsolara.dev
      		172.67.203.125
      		truefalseunknown
      edge-term4-fra2.roblox.com
      		128.116.123.3
      		truefalseunknown
      www.nodejs.org
      		104.20.23.46
      		truefalseunknown
      pastebin.com
      		104.20.3.235
      		truetrueunknown
      clientsettings.roblox.com
      		unknown
      		unknowntrueunknown

      Contacted URLs

      NameMaliciousAntivirus DetectionReputation
      https://getsolara.dev/asset/discord.jsontrue
      • 9%, Virustotal, Browse
      • Avira URL Cloud: phishing
      		unknown
      https://clientsettings.roblox.com/v2/client-version/WindowsPlayer/channel/livefalse
      • 0%, Virustotal, Browse
      • Avira URL Cloud: safe
      		unknown
      https://pastebin.com/raw/ZESVzSgKfalse
      • 1%, Virustotal, Browse
      • Avira URL Cloud: safe
      		unknown
      https://www.nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msifalse
      • 0%, Virustotal, Browse
      • Avira URL Cloud: safe
      		unknown

      URLs from Memory and Binaries

      NameSourceMaliciousAntivirus DetectionReputation
      http://127.0.0.1:6463SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA8492000.00000004.00000800.00020000.00000000.sdmpfalse
      • 1%, Virustotal, Browse
      • Avira URL Cloud: safe
      		unknown
      http://www.nodejs.orgSecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA8533000.00000004.00000800.00020000.00000000.sdmpfalse
      • 0%, Virustotal, Browse
      • Avira URL Cloud: safe
      		unknown
      https://nodejs.orgSecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA8533000.00000004.00000800.00020000.00000000.sdmpfalse
      • 0%, Virustotal, Browse
      • Avira URL Cloud: safe
      		unknown
      https://discord.comSecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA83A1000.00000004.00000800.00020000.00000000.sdmpfalse
      • 0%, Virustotal, Browse
      • Avira URL Cloud: safe
      		unknown
      http://127.0.0.1:64632ySecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA8492000.00000004.00000800.00020000.00000000.sdmpfalse
      • Avira URL Cloud: safe
      		unknown
      https://ncs.roblox.com/uploadSecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA84AB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA850E000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA8533000.00000004.00000800.00020000.00000000.sdmpfalse
      • 0%, Virustotal, Browse
      • Avira URL Cloud: safe
      		unknown
      https://www.nodejs.orgSecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA8533000.00000004.00000800.00020000.00000000.sdmpfalse
      • 0%, Virustotal, Browse
      • Avira URL Cloud: safe
      		unknown
      http://upx.sf.netAmcache.hve.5.drfalse
      • URL Reputation: safe
      		unknown
      http://james.newtonking.com/projects/jsonSecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exefalse
      • URL Reputation: safe
      		unknown
      http://getsolara.devSecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA8449000.00000004.00000800.00020000.00000000.sdmptrue
      • 11%, Virustotal, Browse
      • Avira URL Cloud: phishing
      		unknown
      https://discord.com;http://127.0.0.1:6463/rpc?v=11SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exefalse
      • Avira URL Cloud: safe
      		unknown
      https://aka.ms/vs/17/release/vc_redist.x64.exeSecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exefalse
      • 0%, Virustotal, Browse
      • Avira URL Cloud: safe
      		unknown
      https://c6ff8eb7.solaraweb-alj.pages.dev/download/static/files/Solara.Dir.zipSecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA8533000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA8465000.00000004.00000800.00020000.00000000.sdmpfalse
      • 4%, Virustotal, Browse
      • Avira URL Cloud: safe
      		unknown
      https://getsolara.devSecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA843E000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA83A1000.00000004.00000800.00020000.00000000.sdmptrue
      • 11%, Virustotal, Browse
      • Avira URL Cloud: phishing
      		unknown
      https://getsolara.dev/api/endpoint.jsonSecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA84AB000.00000004.00000800.00020000.00000000.sdmptrue
      • 9%, Virustotal, Browse
      • Avira URL Cloud: phishing
      		unknown
      https://www.newtonsoft.com/jsonschemaSecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exefalse
      • URL Reputation: safe
      		unknown
      https://getsolara.dev/api/endpoint.jsonChttps://pastebin.com/raw/ZESVzSgKSecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exetrue
      • 10%, Virustotal, Browse
      • Avira URL Cloud: phishing
      		unknown
      https://www.nuget.org/packages/Newtonsoft.Json.BsonSecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exefalse
      • URL Reputation: safe
      		unknown
      https://4c206720.solaraweb-alj.pages.dev/download/static/files/Bootstrapper.exeSecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA8533000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA8465000.00000004.00000800.00020000.00000000.sdmpfalse
      • 3%, Virustotal, Browse
      • Avira URL Cloud: malware
      		unknown
      http://nodejs.orgSecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA8533000.00000004.00000800.00020000.00000000.sdmpfalse
      • 0%, Virustotal, Browse
      • Avira URL Cloud: safe
      		unknown
      http://127.0.0.1:6463/rpc?v=1SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA83A1000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA8492000.00000004.00000800.00020000.00000000.sdmpfalse
      • 0%, Virustotal, Browse
      • Avira URL Cloud: safe
      		unknown
      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameSecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA83A1000.00000004.00000800.00020000.00000000.sdmpfalse
      • URL Reputation: safe
      		unknown
      http://clientsettings.roblox.comSecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA8533000.00000004.00000800.00020000.00000000.sdmpfalse
      • 0%, Virustotal, Browse
      • Avira URL Cloud: safe
      		unknown
      http://pastebin.comSecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA84AB000.00000004.00000800.00020000.00000000.sdmpfalse
      • 0%, Virustotal, Browse
      • Avira URL Cloud: safe
      		unknown
      https://nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msiSecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA850A000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA84AB000.00000004.00000800.00020000.00000000.sdmp, SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA8533000.00000004.00000800.00020000.00000000.sdmpfalse
      • 0%, Virustotal, Browse
      • Avira URL Cloud: safe
      		unknown
      https://pastebin.comSecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA84AB000.00000004.00000800.00020000.00000000.sdmpfalse
      • 0%, Virustotal, Browse
      • Avira URL Cloud: safe
      		unknown
      https://clientsettings.roblox.comSecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA8533000.00000004.00000800.00020000.00000000.sdmpfalse
      • 0%, Virustotal, Browse
      • Avira URL Cloud: safe
      		unknown
      http://edge-term4-fra2.roblox.comSecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, 00000000.00000002.1990870019.0000027CA8533000.00000004.00000800.00020000.00000000.sdmpfalse
      • 0%, Virustotal, Browse
      • Avira URL Cloud: safe
      		unknown

      World Map of Contacted IPs

      • No. of IPs < 25%
      • 25% < No. of IPs < 50%
      • 50% < No. of IPs < 75%
      • 75% < No. of IPs

      Public IPs

      IPDomainCountryFlagASNASN NameMalicious
      172.67.203.125
      		getsolara.devUnited States
      		13335CLOUDFLARENETUSfalse
      104.20.3.235
      		pastebin.comUnited States
      		13335CLOUDFLARENETUStrue
      128.116.123.3
      		edge-term4-fra2.roblox.comUnited States
      		22697ROBLOX-PRODUCTIONUSfalse
      104.20.23.46
      		www.nodejs.orgUnited States
      		13335CLOUDFLARENETUSfalse

      Private

      IP
      127.0.0.1

      General Information

      Joe Sandbox version:40.0.0 Tourmaline
      Analysis ID:1499605
      Start date and time:2024-08-27 09:27:08 +02:00
      Joe Sandbox product:CloudBasic
      Overall analysis duration:0h 4m 59s
      Hypervisor based Inspection enabled:false
      Report type:full
      Cookbook file name:default.jbs
      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
      Number of analysed new started processes analysed:10
      Number of new started drivers analysed:0
      Number of existing processes analysed:0
      Number of existing drivers analysed:0
      Number of injected processes analysed:0
      Technologies:
      • HCA enabled
      • EGA enabled
      • AMSI enabled
      Analysis Mode:default
      Analysis stop reason:Timeout
      Sample name:SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe
      Detection:MAL
      Classification:mal88.troj.evad.winEXE@3/7@5/5
      EGA Information:Failed
      HCA Information:
      • Successful, ratio: 100%
      • Number of executed functions: 149
      • Number of non-executed functions: 4
      Cookbook Comments:
      • Found application associated with file extension: .exe

      Warnings

      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
      • Excluded IPs from analysis (whitelisted): 20.189.173.22
      • Excluded domains from analysis (whitelisted): ocsp.digicert.com, login.live.com, slscr.update.microsoft.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus17.westus.cloudapp.azure.com, ctldl.windowsupdate.com, umwatson.events.data.microsoft.com, fe3cr.delivery.mp.microsoft.com
      • Execution Graph export aborted for target SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe, PID 7484 because it is empty
      • Not all processes where analyzed, report is missing behavior information
      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
      • Report size getting too big, too many NtOpenKeyEx calls found.
      • Report size getting too big, too many NtQueryValueKey calls found.
      • Report size getting too big, too many NtReadVirtualMemory calls found.
      • Report size getting too big, too many NtSetInformationFile calls found.

      Simulations

      Behavior and APIs

      TimeTypeDescription
      03:28:12API Interceptor48x Sleep call for process: SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe modified
      03:28:31API Interceptor1x Sleep call for process: WerFault.exe modified

      Joe Sandbox View / Context

      IPs

      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
      172.67.203.125SecuriteInfo.com.Win64.MalwareX-gen.22026.2513.exeGet hashmaliciousUnknownBrowse
        104.20.3.235sostener.vbsGet hashmaliciousRemcosBrowse
        • pastebin.com/raw/V9y5Q5vv
        New Voicemail Invoice 64746w .jsGet hashmaliciousWSHRATBrowse
        • pastebin.com/raw/NsQ5qTHr
        Invoice-883973938.jsGet hashmaliciousWSHRATBrowse
        • pastebin.com/raw/NsQ5qTHr
        2024 12_59_31 a.m..jsGet hashmaliciousWSHRATBrowse
        • pastebin.com/raw/NsQ5qTHr
        PendingInvoiceBankDetails.JS.jsGet hashmaliciousWSHRATBrowse
        • pastebin.com/raw/NsQ5qTHr
        128.116.123.3Roblox Account Manager.exeGet hashmaliciousUnknownBrowse
          Roblox Account Manager.exeGet hashmaliciousUnknownBrowse
            SolaraBootstrapper.exeGet hashmaliciousDCRat, XWormBrowse
              https://www.roblox.com.zm/loginGet hashmaliciousUnknownBrowse
                RobloxPlayerLauncher.exeGet hashmaliciousUnknownBrowse
                  104.20.23.46SecuriteInfo.com.Win64.MalwareX-gen.22026.2513.exeGet hashmaliciousUnknownBrowse
                    solarabootstrapper.exeGet hashmaliciousXWormBrowse
                      TK7.vbsGet hashmaliciousPureLog Stealer, XWorm, zgRATBrowse
                        SmartConvertPDF_48187981.msiGet hashmaliciousUnknownBrowse
                          FreeTemplates_46070101.msiGet hashmaliciousUnknownBrowse
                            SecuriteInfo.com.PUA.Tool.Proxy.2579.7454.1991.exeGet hashmaliciousUnknownBrowse
                              SecuriteInfo.com.PUA.Tool.Proxy.2579.7454.1991.exeGet hashmaliciousUnknownBrowse
                                630DB15B4A855CA42E13666E2046C639A4C2847E0D1FC.exeGet hashmaliciousAsyncRATBrowse
                                  Pdf-Invoice.wsfGet hashmaliciousAsyncRAT, zgRATBrowse
                                    fb3c7a8f-e0ee-474d-918c-a9df0bbfe45c.jsGet hashmaliciousAsyncRATBrowse

                                      Domains

                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                      www.nodejs.orgSecuriteInfo.com.Win32.MalwareX-gen.6231.15153.exeGet hashmaliciousUnknownBrowse
                                      • 104.20.22.46
                                      SecuriteInfo.com.Win64.MalwareX-gen.22026.2513.exeGet hashmaliciousUnknownBrowse
                                      • 104.20.23.46
                                      SecuriteInfo.com.Win64.MalwareX-gen.22026.2513.exeGet hashmaliciousUnknownBrowse
                                      • 104.20.22.46
                                      solarabootstrapper.exeGet hashmaliciousXWormBrowse
                                      • 104.20.23.46
                                      3jF5V4T8LO.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                      • 104.20.22.46
                                      getsolara.devSecuriteInfo.com.Win32.MalwareX-gen.6231.15153.exeGet hashmaliciousUnknownBrowse
                                      • 104.21.93.27
                                      SecuriteInfo.com.Win64.MalwareX-gen.22026.2513.exeGet hashmaliciousUnknownBrowse
                                      • 172.67.203.125
                                      SecuriteInfo.com.Win64.MalwareX-gen.22026.2513.exeGet hashmaliciousUnknownBrowse
                                      • 104.21.93.27
                                      pastebin.comFrench Group.jsGet hashmaliciousRemcosBrowse
                                      • 104.20.3.235
                                      Mi_Documento.jsGet hashmaliciousAsyncRAT, DcRatBrowse
                                      • 104.20.3.235
                                      French Group.jsGet hashmaliciousUnknownBrowse
                                      • 172.67.19.24
                                      xnxx.exeGet hashmaliciousUnknownBrowse
                                      • 104.20.3.235
                                      sostener.vbsGet hashmaliciousRemcosBrowse
                                      • 104.20.3.235
                                      pxkGBmsm1Y.exeGet hashmaliciousDCRatBrowse
                                      • 104.20.3.235
                                      yyTqxbOXbF.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                      • 104.20.3.235
                                      abc0f6a2936703cd32608e7a0c06cd7b1da2f012ad7eb.exeGet hashmaliciousCryptOne, Nymaim, PrivateLoader, RedLine, SmokeLoader, onlyLoggerBrowse
                                      • 172.67.19.24
                                      7aHn0kxDWZ.exeGet hashmaliciousXmrigBrowse
                                      • 172.67.19.24
                                      ExeFile (38).exeGet hashmaliciousNjratBrowse
                                      • 172.67.19.24
                                      edge-term4-fra2.roblox.comSecuriteInfo.com.Win64.MalwareX-gen.22026.2513.exeGet hashmaliciousUnknownBrowse
                                      • 128.116.123.4
                                      Roblox Account Manager.exeGet hashmaliciousUnknownBrowse
                                      • 128.116.123.3
                                      SolaraBootstrapper.exeGet hashmaliciousDCRat, XWormBrowse
                                      • 128.116.123.3
                                      nodejs.orgSecuriteInfo.com.Win32.MalwareX-gen.6231.15153.exeGet hashmaliciousUnknownBrowse
                                      • 104.20.22.46
                                      SecuriteInfo.com.Win64.MalwareX-gen.22026.2513.exeGet hashmaliciousUnknownBrowse
                                      • 104.20.23.46
                                      SecuriteInfo.com.Win64.MalwareX-gen.22026.2513.exeGet hashmaliciousUnknownBrowse
                                      • 104.20.22.46
                                      https://nodejs.org/dist/v20.15.0/node-v20.15.0-x64.msiGet hashmaliciousUnknownBrowse
                                      • 104.20.22.46
                                      solarabootstrapper.exeGet hashmaliciousXWormBrowse
                                      • 104.20.23.46
                                      3jF5V4T8LO.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                      • 104.20.22.46
                                      2lz.exeGet hashmaliciousPureLog Stealer, XWorm, zgRATBrowse
                                      • 104.20.22.46
                                      TK7.vbsGet hashmaliciousPureLog Stealer, XWorm, zgRATBrowse
                                      • 104.20.23.46
                                      SmartConvertPDF_48187981.msiGet hashmaliciousUnknownBrowse
                                      • 104.20.23.46
                                      FreeTemplates_46070101.msiGet hashmaliciousUnknownBrowse
                                      • 104.20.23.46

                                      ASNs

                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                      ROBLOX-PRODUCTIONUShttps://roblox.tz/games/10449761463/BOSS-The-Strongest-Battlegrounds?privateServerLinkCode=11856892146830167735895077236647Get hashmaliciousUnknownBrowse
                                      • 128.116.44.4
                                      SecuriteInfo.com.Win32.MalwareX-gen.6231.15153.exeGet hashmaliciousUnknownBrowse
                                      • 128.116.44.3
                                      SecuriteInfo.com.Win64.MalwareX-gen.22026.2513.exeGet hashmaliciousUnknownBrowse
                                      • 128.116.123.4
                                      SecuriteInfo.com.Win64.MalwareX-gen.22026.2513.exeGet hashmaliciousUnknownBrowse
                                      • 128.116.21.4
                                      https://roblox.com.zm/games/10449761463/The-Strongest-Battlegrounds?privateServerLinkCode=22919554639422626360922039380445Get hashmaliciousUnknownBrowse
                                      • 128.116.119.4
                                      https://shrturl.net/pmf-gx3nGet hashmaliciousUnknownBrowse
                                      • 128.116.123.4
                                      cheat_roblox.exeGet hashmaliciousXWormBrowse
                                      • 128.116.21.4
                                      roblox cheat.exeGet hashmaliciousXWormBrowse
                                      • 128.116.21.3
                                      solarabootstrapper.exeGet hashmaliciousXWormBrowse
                                      • 128.116.21.4
                                      cheat_roblox.exeGet hashmaliciousXWormBrowse
                                      • 128.116.21.4
                                      CLOUDFLARENETUSfile.exeGet hashmaliciousUnknownBrowse
                                      • 172.64.41.3
                                      Feature Status Update D583R.htmlGet hashmaliciousUnknownBrowse
                                      • 188.114.96.3
                                      GP Design INV20230103 $68,320.exeGet hashmaliciousUnknownBrowse
                                      • 188.114.97.3
                                      Quotation-27-08-24.exeGet hashmaliciousFormBookBrowse
                                      • 172.67.220.161
                                      Electronic_Receipt_ATT0001.htmGet hashmaliciousUnknownBrowse
                                      • 188.114.96.3
                                      GP Design INV20230103 $68,320.exeGet hashmaliciousUnknownBrowse
                                      • 188.114.97.3
                                      INVG0088 LHV3495264 BL327291535V.exeGet hashmaliciousFormBookBrowse
                                      • 104.21.57.201
                                      file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                      • 172.64.41.3
                                      file.exeGet hashmaliciousUnknownBrowse
                                      • 172.64.41.3
                                      RFQ for RIyadh City Water Line Diversion.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • 188.114.96.3
                                      CLOUDFLARENETUSfile.exeGet hashmaliciousUnknownBrowse
                                      • 172.64.41.3
                                      Feature Status Update D583R.htmlGet hashmaliciousUnknownBrowse
                                      • 188.114.96.3
                                      GP Design INV20230103 $68,320.exeGet hashmaliciousUnknownBrowse
                                      • 188.114.97.3
                                      Quotation-27-08-24.exeGet hashmaliciousFormBookBrowse
                                      • 172.67.220.161
                                      Electronic_Receipt_ATT0001.htmGet hashmaliciousUnknownBrowse
                                      • 188.114.96.3
                                      GP Design INV20230103 $68,320.exeGet hashmaliciousUnknownBrowse
                                      • 188.114.97.3
                                      INVG0088 LHV3495264 BL327291535V.exeGet hashmaliciousFormBookBrowse
                                      • 104.21.57.201
                                      file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                      • 172.64.41.3
                                      file.exeGet hashmaliciousUnknownBrowse
                                      • 172.64.41.3
                                      RFQ for RIyadh City Water Line Diversion.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • 188.114.96.3
                                      CLOUDFLARENETUSfile.exeGet hashmaliciousUnknownBrowse
                                      • 172.64.41.3
                                      Feature Status Update D583R.htmlGet hashmaliciousUnknownBrowse
                                      • 188.114.96.3
                                      GP Design INV20230103 $68,320.exeGet hashmaliciousUnknownBrowse
                                      • 188.114.97.3
                                      Quotation-27-08-24.exeGet hashmaliciousFormBookBrowse
                                      • 172.67.220.161
                                      Electronic_Receipt_ATT0001.htmGet hashmaliciousUnknownBrowse
                                      • 188.114.96.3
                                      GP Design INV20230103 $68,320.exeGet hashmaliciousUnknownBrowse
                                      • 188.114.97.3
                                      INVG0088 LHV3495264 BL327291535V.exeGet hashmaliciousFormBookBrowse
                                      • 104.21.57.201
                                      file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                      • 172.64.41.3
                                      file.exeGet hashmaliciousUnknownBrowse
                                      • 172.64.41.3
                                      RFQ for RIyadh City Water Line Diversion.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • 188.114.96.3

                                      JA3 Fingerprints

                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                      3b5074b1b5d032e5620f69f9f700ff0eGP Design INV20230103 $68,320.exeGet hashmaliciousUnknownBrowse
                                      • 172.67.203.125
                                      • 104.20.3.235
                                      • 128.116.123.3
                                      • 104.20.23.46
                                      GP Design INV20230103 $68,320.exeGet hashmaliciousUnknownBrowse
                                      • 172.67.203.125
                                      • 104.20.3.235
                                      • 128.116.123.3
                                      • 104.20.23.46
                                      file.exeGet hashmaliciousAmadey, Stealc, VidarBrowse
                                      • 172.67.203.125
                                      • 104.20.3.235
                                      • 128.116.123.3
                                      • 104.20.23.46
                                      RFQ for RIyadh City Water Line Diversion.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                      • 172.67.203.125
                                      • 104.20.3.235
                                      • 128.116.123.3
                                      • 104.20.23.46
                                      QUOTATION_JULQTRA071244#U00faPDF.scr.exeGet hashmaliciousUnknownBrowse
                                      • 172.67.203.125
                                      • 104.20.3.235
                                      • 128.116.123.3
                                      • 104.20.23.46
                                      QUOTATION_JULQTRA071244#U00faPDF.scr.exeGet hashmaliciousUnknownBrowse
                                      • 172.67.203.125
                                      • 104.20.3.235
                                      • 128.116.123.3
                                      • 104.20.23.46
                                      Products_List_QH082226.exeGet hashmaliciousUnknownBrowse
                                      • 172.67.203.125
                                      • 104.20.3.235
                                      • 128.116.123.3
                                      • 104.20.23.46
                                      RcHHz7wGqB.htaGet hashmaliciousCobalt Strike, RemcosBrowse
                                      • 172.67.203.125
                                      • 104.20.3.235
                                      • 128.116.123.3
                                      • 104.20.23.46
                                      Products_List_QH082226.exeGet hashmaliciousUnknownBrowse
                                      • 172.67.203.125
                                      • 104.20.3.235
                                      • 128.116.123.3
                                      • 104.20.23.46
                                      PQGPWNdJIT.exeGet hashmaliciousAdes StealerBrowse
                                      • 172.67.203.125
                                      • 104.20.3.235
                                      • 128.116.123.3
                                      • 104.20.23.46

                                      Dropped Files

                                      No context

                                      Created / dropped Files

                                      C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_QZGE30WEHPLQEWCX_56fe2140e541716c1b17be5daffbafc2966884e7_e3d7ec9b_e339f3ff-11b5-4e4c-ab43-a0bf42753d49\Report.wer

                                      Download File
                                      Process:C:\Windows\System32\WerFault.exe
                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):65536
                                      Entropy (8bit):1.2537451083385294
                                      Encrypted:false
                                      SSDEEP:192:cl1nw9r0bU9+dQlaWB9lVvAEZizuiFcZ24lO8J:a1nwibG+dQlamfFhZizuiFcY4lO8J
                                      MD5:14E0621B5BFC3C738E1044E4A490C27E
                                      SHA1:F990EC1C5852A65D40FC1AFD1EBD0E312704924C
                                      SHA-256:C71A17284D7C286EEC19349504A150600D0CEFB2340D0BDAB0425C5C88BEAB40
                                      SHA-512:C2A3AA6EFCF6043DA023A110FED8E389A7122AE1359E1803DE79FEB213AB8D62E1B3C00E16FD8E60503971D713EDD58A6EC1280978B469AC1FEB7FB619B88075
                                      Malicious:false
                                      Reputation:low
                                      Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.C.L.R.2.0.r.3.....E.v.e.n.t.T.i.m.e.=.1.3.3.6.9.2.1.7.2.9.8.7.8.8.2.6.9.8.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.6.9.2.1.7.2.9.9.4.1.3.2.6.3.6.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.3.3.9.f.3.f.f.-.1.1.b.5.-.4.e.4.c.-.a.b.4.3.-.a.0.b.f.4.2.7.5.3.d.4.9.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.9.1.1.3.1.1.0.-.a.5.6.f.-.4.6.6.2.-.9.a.a.2.-.6.1.f.0.1.b.6.2.9.e.d.c.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....N.s.A.p.p.N.a.m.e.=.S.e.c.u.r.i.t.e.I.n.f.o...c.o.m...W.i.n.6.4...M.a.l.w.a.r.e.X.-.g.e.n...4.2.9.0...2.7.7.9.6...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.S.o.l.a.r.a.B.o.o.t.s.t.r.a.p.p.e.r...e.x.e.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.d.3.c.-.0.0.0.1.-.0.0.1.4.-.3.e.4.a.-.e.f.a.9.5.2.f.8.d.a.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.6.2.f.e.1.7.3.6.3.1.c.a.d.c.4.a.7.6.9.5.d.3.9.9.5.7.a.1.2.d.e.9.c.0.0.0.0.0.0.0.0.!.0.0.0.0.b.b.5.0.a.4.

                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WER2E60.tmp.dmp

                                      Download File
                                      Process:C:\Windows\System32\WerFault.exe
                                      File Type:Mini DuMP crash report, 16 streams, Tue Aug 27 07:28:19 2024, 0x1205a4 type
                                      Category:dropped
                                      Size (bytes):580223
                                      Entropy (8bit):3.209839158369559
                                      Encrypted:false
                                      SSDEEP:6144:GDwiAhuIrGnGHnSq31XQBAqtje3QCmPL3J:gtIMqnSq31XQ+q4QCmzZ
                                      MD5:36051869B9606E647CFFA538198AF743
                                      SHA1:A4C6E7C4263D8229D20D86E4D5BB5DC84154C905
                                      SHA-256:92F80AC0E02FCB6F5FDD167458CEE36C5B3494882B37848D849ED36D56EF5A1B
                                      SHA-512:8BCFA2A2027A3B68894452F2A3EECBAB9D619F6821E03A9084D041ABBAF312C12B079CDF46D8523A441ABCCBA3BAEC69850718FCA1FA1903E390F2A3FB301750
                                      Malicious:false
                                      Reputation:low
                                      Preview:MDMP..a..... ..........f............d...........d...........<....(......H...$)......dQ.............l.......8...........T...........`U..............lD..........XF..............................................................................eJ.......F......Lw......................T.......<......f.............................0..............,...E.a.s.t.e.r.n. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................E.a.s.t.e.r.n. .S.u.m.m.e.r. .T.i.m.e...............................................1.9.0.4.1...1...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6...........................................................................................................................................................................................................................................................................................................................................................................................................................

                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WER3017.tmp.WERInternalMetadata.xml

                                      Download File
                                      Process:C:\Windows\System32\WerFault.exe
                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):8932
                                      Entropy (8bit):3.7106274022886363
                                      Encrypted:false
                                      SSDEEP:192:R6l7wVeJdj5vFHc6Y9B1STPgmfZy8IprG89bu6dfqam:R6lXJh59Hc6YbsTPgmfIBuQfe
                                      MD5:4D2DFA9B6900D31595410492FCCA94E5
                                      SHA1:C441ECC54FCD5BA7FD0842190D0C4FAF353DA96F
                                      SHA-256:A0B1B106856804F374BCC0218C7071D9213C66E3A8EAD4139AE46055F8235A12
                                      SHA-512:76DD2491FE646CCA026F054ECA889C885D0035B607280972F5F4B28FF80565ED01F313480F987C894800607F754A0B97305D4094A4FE2A37DD52CBBADEB8918C
                                      Malicious:false
                                      Reputation:low
                                      Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.9.0.4.5.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.9.0.4.1...2.0.0.6...a.m.d.6.4.f.r.e...v.b._.r.e.l.e.a.s.e...1.9.1.2.0.6.-.1.4.0.6.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.2.0.0.6.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.2.0.5.7.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.7.4.8.4.<./.P.i.

                                      C:\ProgramData\Microsoft\Windows\WER\Temp\WER3037.tmp.xml

                                      Download File
                                      Process:C:\Windows\System32\WerFault.exe
                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                      Category:dropped
                                      Size (bytes):4943
                                      Entropy (8bit):4.555106958201648
                                      Encrypted:false
                                      SSDEEP:48:cvIwWl8zsmJg771I91OnWpW8VYYlYm8M4J5jq/FPpyq8vOqz3KMKHd:uIjf8I7iOW7V+JwpW367Hd
                                      MD5:B010ED91CE5DAA6DD280917894BF7214
                                      SHA1:7ED26ED1459978D3D26EDC6AE7451C9801DA1519
                                      SHA-256:73CBBA8325F3412FDE131A668515BFBB86BD9BDBA493604D18FEB97CD267105B
                                      SHA-512:EF54E2F18D1AA103A22C7D1791660DC22434037C65D9A189B572A12299D72589E28DC93173D976B056002A7534813F990A71C11E825DC5E744D5E50FE76E1F08
                                      Malicious:false
                                      Reputation:low
                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="473671" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409

                                      C:\Users\user\Desktop\DISCORD

                                      Download File
                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe
                                      File Type:JSON data
                                      Category:dropped
                                      Size (bytes):103
                                      Entropy (8bit):4.069339057131793
                                      Encrypted:false
                                      SSDEEP:3:XSWHlkHFWKBgS3vFKhN9GIxFf9oQg652UTF/HLMl1m:XSWHlW0agStKLkWFfx/52uyPm
                                      MD5:5AA26DE003AEEBAE624A08DE919C52B5
                                      SHA1:FF1A4DD7673A6B604324E1363738658CC4D565C0
                                      SHA-256:335052F362AC50A1D52E8268EBC4323F59644EF7988CB29EA485D57745667BD2
                                      SHA-512:43220140C68668FD309CE343C06E22910DBE6B74818A9A0F07DA052CD8D6020524311C6C00201FC3BCEB6F18743BA07AE65E2D4900DD79FAB7218BEF5CAF192C
                                      Malicious:false
                                      Reputation:low
                                      Preview:{. "args" : {. "code" : "Pbp5VswzmW". },. "cmd" : "INVITE_BROWSER",. "nonce" : ".". }

                                      C:\Windows\appcompat\Programs\Amcache.hve

                                      Download File
                                      Process:C:\Windows\System32\WerFault.exe
                                      File Type:MS Windows registry file, NT/2000 or above
                                      Category:dropped
                                      Size (bytes):1835008
                                      Entropy (8bit):4.465920785167111
                                      Encrypted:false
                                      SSDEEP:6144:xIXfpi67eLPU9skLmb0b4YWSPKaJG8nAgejZMMhA2gX4WABl0uNXdwBCswSba:SXD94YWlLZMM6YFH1+a
                                      MD5:737094E70C822CBCB59038C29ABF4933
                                      SHA1:C791DC99B7632C8E6445E5E2D2226413FDCE6AC9
                                      SHA-256:BE69E0B42CBFD8F4B497FEDDB9A15EA7FBCDB467E59931E323F2EBDFE2843D2B
                                      SHA-512:DE17D06CC4CF9B3DEEEEF96E8EE751212EECAB285C41B4D6BDA6FF75A413D822270E30CC081EDF6EB71D924FFE6A4E339A3B141462305563344E2DAEEF285D7B
                                      Malicious:false
                                      Reputation:low
                                      Preview:regf6...6....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm....R...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                      \Device\ConDrv

                                      Download File
                                      Process:C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe
                                      File Type:ISO-8859 text, with CRLF, LF line terminators
                                      Category:dropped
                                      Size (bytes):571
                                      Entropy (8bit):4.9398118662542965
                                      Encrypted:false
                                      SSDEEP:12:t+3p+t/hQAOfVaOQsXCzLQ8X+UwkY1v3igBe:Yot/h+ltcQy+UwkY1vdBe
                                      MD5:5294778E41EE83E1F1E78B56466AD690
                                      SHA1:348B8B4687216D57B8DF59BBCEC481DC9D1E61A6
                                      SHA-256:3AC122288181813B83236E1A2BCB449C51B50A3CA4925677A38C08B2FC6DF69C
                                      SHA-512:381FB6F3AA34E41C17DB3DD8E68B85508F51A94B3E77C479E40AD074767D1CEAE89B6E04FB7DD3D02A74D1AC3431B30920860A198C73387A865051538AE140F1
                                      Malicious:true
                                      Yara Hits:
                                      • Rule: JoeSecurity_PowershellDownloadAndExecute, Description: Yara detected Powershell download and execute, Source: \Device\ConDrv, Author: Joe Security
                                      Reputation:low
                                      Preview:.............................................................------------------------.. ..[-] Fetching endpoint.....[-] Bootstrapper up to date...[-] Killing conflicting processes.....[-] Ensuring essential directories.....[-] Ensuring essential dependencies.....[-] Downloading node......Unhandled Exception: System.Net.WebException: The operation has timed out.. at System.Net.WebClient.DownloadFile(Uri address, String fileName).. at Program.DownloadAndInstallNode().. at Program.EnsureDependencies().. at Program.Main(String[] args).

                                      Static File Info

                                      General

                                      File type:PE32+ executable (console) x86-64 Mono/.Net assembly, for MS Windows
                                      Entropy (8bit):5.604569276886218
                                      TrID:
                                      • Win64 Executable Console Net Framework (206006/5) 46.24%
                                      • Win64 Executable Console (202006/5) 45.34%
                                      • Win64 Executable (generic) Net Framework (21505/4) 4.83%
                                      • Win64 Executable (generic) (12005/4) 2.69%
                                      • Generic Win/DOS Executable (2004/3) 0.45%
                                      File name:SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe
                                      File size:815'104 bytes
                                      MD5:4b94b989b0fe7bec6311153b309dfe81
                                      SHA1:bb50a4bb8a66f0105c5b74f32cd114c672010b22
                                      SHA256:7c4283f5e620b2506bcb273f947def4435d95e143ae3067a783fd3adc873a659
                                      SHA512:fbbe60cf3e5d028d906e7d444b648f7dff8791c333834db8119e0a950532a75fda2e9bd5948f0b210904667923eb7b2c0176140babc497955d227e7d80fb109d
                                      SSDEEP:12288:jHeLH6iTPSE54sgweI9oaQaj3T+piq+77xOZ+eMm:jHeLHdTSEeyoaQaj3apiq+77xd
                                      TLSH:0D054A617BE4E613F0AE2772E8B14B141BB5F542AB66E78F094866EC1C433096D9037F
                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d....Z.f.........."......f..........F.... ....@...... ....................................`................................

                                      File Icon

                                      Icon Hash:90cececece8e8eb0

                                      Static PE Info

                                      General

                                      Entrypoint:0x4c8446
                                      Entrypoint Section:.text
                                      Digitally signed:false
                                      Imagebase:0x400000
                                      Subsystem:windows cui
                                      Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                      DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                      Time Stamp:0x66C75AFE [Thu Aug 22 15:36:30 2024 UTC]
                                      TLS Callbacks:
                                      CLR (.Net) Version:
                                      OS Version Major:4
                                      OS Version Minor:0
                                      File Version Major:4
                                      File Version Minor:0
                                      Subsystem Version Major:4
                                      Subsystem Version Minor:0
                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                      Entrypoint Preview

                                      Instruction
                                      jmp dword ptr [004C8454h]
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      sub byte ptr [esp+ecx+00000000h], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al
                                      add byte ptr [eax], al

                                      Data Directories

                                      NameVirtual AddressVirtual Size Is in Section
                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                      IMAGE_DIRECTORY_ENTRY_IMPORT0xc83f00x54.text
                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0xca0000x575.rsrc
                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0xcc0000xc.reloc
                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                      IMAGE_DIRECTORY_ENTRY_IAT0xc84540x8.text
                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20000x48.text
                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                      Sections

                                      NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                      .text0x20000xc64640xc660085e06bbd97a5f7a5745930511a7f50fdFalse0.3462557104599874data5.6102752609909645IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                      .rsrc0xca0000x5750x600706ed0398f1aa324656eb5102ff400cfFalse0.39453125data3.770686100904012IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                      .reloc0xcc0000xc0x200be5d798f694de0060b9e1c2130397ee5False0.044921875data0.09800417566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                      Resources

                                      NameRVASizeTypeLanguageCountryZLIB Complexity
                                      RT_VERSION0xca0900x36cdata0.3995433789954338
                                      RT_MANIFEST0xca40c0x169XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.6204986149584487

                                      Imports

                                      DLLImport
                                      mscoree.dll_CorExeMain

                                      Network Behavior

                                      Network Port Distribution

                                      TCP Packets

                                      TimestampSource PortDest PortSource IPDest IP
                                      Aug 27, 2024 09:28:09.678265095 CEST49730443192.168.2.4172.67.203.125
                                      Aug 27, 2024 09:28:09.678318024 CEST44349730172.67.203.125192.168.2.4
                                      Aug 27, 2024 09:28:09.678385019 CEST49730443192.168.2.4172.67.203.125
                                      Aug 27, 2024 09:28:09.704318047 CEST49730443192.168.2.4172.67.203.125
                                      Aug 27, 2024 09:28:09.704341888 CEST44349730172.67.203.125192.168.2.4
                                      Aug 27, 2024 09:28:10.585839033 CEST44349730172.67.203.125192.168.2.4
                                      Aug 27, 2024 09:28:10.586011887 CEST49730443192.168.2.4172.67.203.125
                                      Aug 27, 2024 09:28:10.689304113 CEST49730443192.168.2.4172.67.203.125
                                      Aug 27, 2024 09:28:10.689335108 CEST44349730172.67.203.125192.168.2.4
                                      Aug 27, 2024 09:28:10.689896107 CEST44349730172.67.203.125192.168.2.4
                                      Aug 27, 2024 09:28:10.733100891 CEST49730443192.168.2.4172.67.203.125
                                      Aug 27, 2024 09:28:11.093981981 CEST49730443192.168.2.4172.67.203.125
                                      Aug 27, 2024 09:28:11.140501976 CEST44349730172.67.203.125192.168.2.4
                                      Aug 27, 2024 09:28:11.230155945 CEST44349730172.67.203.125192.168.2.4
                                      Aug 27, 2024 09:28:11.230245113 CEST44349730172.67.203.125192.168.2.4
                                      Aug 27, 2024 09:28:11.230313063 CEST49730443192.168.2.4172.67.203.125
                                      Aug 27, 2024 09:28:11.250463009 CEST49730443192.168.2.4172.67.203.125
                                      Aug 27, 2024 09:28:13.307235003 CEST49732443192.168.2.4104.20.3.235
                                      Aug 27, 2024 09:28:13.307281971 CEST44349732104.20.3.235192.168.2.4
                                      Aug 27, 2024 09:28:13.307368040 CEST49732443192.168.2.4104.20.3.235
                                      Aug 27, 2024 09:28:13.308671951 CEST49732443192.168.2.4104.20.3.235
                                      Aug 27, 2024 09:28:13.308686972 CEST44349732104.20.3.235192.168.2.4
                                      Aug 27, 2024 09:28:13.769063950 CEST44349732104.20.3.235192.168.2.4
                                      Aug 27, 2024 09:28:13.769268990 CEST49732443192.168.2.4104.20.3.235
                                      Aug 27, 2024 09:28:13.778783083 CEST49732443192.168.2.4104.20.3.235
                                      Aug 27, 2024 09:28:13.778820038 CEST44349732104.20.3.235192.168.2.4
                                      Aug 27, 2024 09:28:13.779055119 CEST44349732104.20.3.235192.168.2.4
                                      Aug 27, 2024 09:28:13.782603979 CEST49732443192.168.2.4104.20.3.235
                                      Aug 27, 2024 09:28:13.828500032 CEST44349732104.20.3.235192.168.2.4
                                      Aug 27, 2024 09:28:13.905996084 CEST44349732104.20.3.235192.168.2.4
                                      Aug 27, 2024 09:28:13.906102896 CEST44349732104.20.3.235192.168.2.4
                                      Aug 27, 2024 09:28:13.906198978 CEST49732443192.168.2.4104.20.3.235
                                      Aug 27, 2024 09:28:13.906898022 CEST49732443192.168.2.4104.20.3.235
                                      Aug 27, 2024 09:28:14.263997078 CEST49733443192.168.2.4128.116.123.3
                                      Aug 27, 2024 09:28:14.264035940 CEST44349733128.116.123.3192.168.2.4
                                      Aug 27, 2024 09:28:14.264131069 CEST49733443192.168.2.4128.116.123.3
                                      Aug 27, 2024 09:28:14.264540911 CEST49733443192.168.2.4128.116.123.3
                                      Aug 27, 2024 09:28:14.264554024 CEST44349733128.116.123.3192.168.2.4
                                      Aug 27, 2024 09:28:14.991348982 CEST44349733128.116.123.3192.168.2.4
                                      Aug 27, 2024 09:28:14.991437912 CEST49733443192.168.2.4128.116.123.3
                                      Aug 27, 2024 09:28:14.993375063 CEST49733443192.168.2.4128.116.123.3
                                      Aug 27, 2024 09:28:14.993391991 CEST44349733128.116.123.3192.168.2.4
                                      Aug 27, 2024 09:28:14.993659019 CEST44349733128.116.123.3192.168.2.4
                                      Aug 27, 2024 09:28:14.994756937 CEST49733443192.168.2.4128.116.123.3
                                      Aug 27, 2024 09:28:15.040504932 CEST44349733128.116.123.3192.168.2.4
                                      Aug 27, 2024 09:28:15.638951063 CEST44349733128.116.123.3192.168.2.4
                                      Aug 27, 2024 09:28:15.639024973 CEST44349733128.116.123.3192.168.2.4
                                      Aug 27, 2024 09:28:15.639106035 CEST49733443192.168.2.4128.116.123.3
                                      Aug 27, 2024 09:28:15.639661074 CEST49733443192.168.2.4128.116.123.3
                                      Aug 27, 2024 09:28:17.500335932 CEST49734443192.168.2.4104.20.23.46
                                      Aug 27, 2024 09:28:17.500370979 CEST44349734104.20.23.46192.168.2.4
                                      Aug 27, 2024 09:28:17.500452995 CEST49734443192.168.2.4104.20.23.46
                                      Aug 27, 2024 09:28:17.500782967 CEST49734443192.168.2.4104.20.23.46
                                      Aug 27, 2024 09:28:17.500797987 CEST44349734104.20.23.46192.168.2.4
                                      Aug 27, 2024 09:28:17.997778893 CEST44349734104.20.23.46192.168.2.4
                                      Aug 27, 2024 09:28:17.997874975 CEST49734443192.168.2.4104.20.23.46
                                      Aug 27, 2024 09:28:18.000498056 CEST49734443192.168.2.4104.20.23.46
                                      Aug 27, 2024 09:28:18.000509977 CEST44349734104.20.23.46192.168.2.4
                                      Aug 27, 2024 09:28:18.000786066 CEST44349734104.20.23.46192.168.2.4
                                      Aug 27, 2024 09:28:18.001662970 CEST49734443192.168.2.4104.20.23.46
                                      Aug 27, 2024 09:28:18.048499107 CEST44349734104.20.23.46192.168.2.4
                                      Aug 27, 2024 09:28:18.371000051 CEST44349734104.20.23.46192.168.2.4
                                      Aug 27, 2024 09:28:18.371124029 CEST44349734104.20.23.46192.168.2.4
                                      Aug 27, 2024 09:28:18.371166945 CEST49734443192.168.2.4104.20.23.46
                                      Aug 27, 2024 09:28:18.371743917 CEST49734443192.168.2.4104.20.23.46

                                      UDP Packets

                                      TimestampSource PortDest PortSource IPDest IP
                                      Aug 27, 2024 09:28:09.586587906 CEST5969753192.168.2.41.1.1.1
                                      Aug 27, 2024 09:28:09.644995928 CEST53596971.1.1.1192.168.2.4
                                      Aug 27, 2024 09:28:13.299395084 CEST5841453192.168.2.41.1.1.1
                                      Aug 27, 2024 09:28:13.306457043 CEST53584141.1.1.1192.168.2.4
                                      Aug 27, 2024 09:28:14.255922079 CEST5515253192.168.2.41.1.1.1
                                      Aug 27, 2024 09:28:14.262789011 CEST53551521.1.1.1192.168.2.4
                                      Aug 27, 2024 09:28:17.271554947 CEST5653153192.168.2.41.1.1.1
                                      Aug 27, 2024 09:28:17.499455929 CEST53565311.1.1.1192.168.2.4
                                      Aug 27, 2024 09:28:18.373100042 CEST6490953192.168.2.41.1.1.1
                                      Aug 27, 2024 09:28:18.379633904 CEST53649091.1.1.1192.168.2.4

                                      DNS Queries

                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                      Aug 27, 2024 09:28:09.586587906 CEST192.168.2.41.1.1.10x1a31Standard query (0)getsolara.devA (IP address)IN (0x0001)false
                                      Aug 27, 2024 09:28:13.299395084 CEST192.168.2.41.1.1.10xf21eStandard query (0)pastebin.comA (IP address)IN (0x0001)false
                                      Aug 27, 2024 09:28:14.255922079 CEST192.168.2.41.1.1.10x1c8fStandard query (0)clientsettings.roblox.comA (IP address)IN (0x0001)false
                                      Aug 27, 2024 09:28:17.271554947 CEST192.168.2.41.1.1.10x7120Standard query (0)www.nodejs.orgA (IP address)IN (0x0001)false
                                      Aug 27, 2024 09:28:18.373100042 CEST192.168.2.41.1.1.10x4178Standard query (0)nodejs.orgA (IP address)IN (0x0001)false

                                      DNS Answers

                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                      Aug 27, 2024 09:28:09.644995928 CEST1.1.1.1192.168.2.40x1a31No error (0)getsolara.dev172.67.203.125A (IP address)IN (0x0001)false
                                      Aug 27, 2024 09:28:09.644995928 CEST1.1.1.1192.168.2.40x1a31No error (0)getsolara.dev104.21.93.27A (IP address)IN (0x0001)false
                                      Aug 27, 2024 09:28:13.306457043 CEST1.1.1.1192.168.2.40xf21eNo error (0)pastebin.com104.20.3.235A (IP address)IN (0x0001)false
                                      Aug 27, 2024 09:28:13.306457043 CEST1.1.1.1192.168.2.40xf21eNo error (0)pastebin.com104.20.4.235A (IP address)IN (0x0001)false
                                      Aug 27, 2024 09:28:13.306457043 CEST1.1.1.1192.168.2.40xf21eNo error (0)pastebin.com172.67.19.24A (IP address)IN (0x0001)false
                                      Aug 27, 2024 09:28:14.262789011 CEST1.1.1.1192.168.2.40x1c8fNo error (0)clientsettings.roblox.comtitanium.roblox.comCNAME (Canonical name)IN (0x0001)false
                                      Aug 27, 2024 09:28:14.262789011 CEST1.1.1.1192.168.2.40x1c8fNo error (0)titanium.roblox.comedge-term4.roblox.comCNAME (Canonical name)IN (0x0001)false
                                      Aug 27, 2024 09:28:14.262789011 CEST1.1.1.1192.168.2.40x1c8fNo error (0)edge-term4.roblox.comedge-term4-fra2.roblox.comCNAME (Canonical name)IN (0x0001)false
                                      Aug 27, 2024 09:28:14.262789011 CEST1.1.1.1192.168.2.40x1c8fNo error (0)edge-term4-fra2.roblox.com128.116.123.3A (IP address)IN (0x0001)false
                                      Aug 27, 2024 09:28:17.499455929 CEST1.1.1.1192.168.2.40x7120No error (0)www.nodejs.org104.20.23.46A (IP address)IN (0x0001)false
                                      Aug 27, 2024 09:28:17.499455929 CEST1.1.1.1192.168.2.40x7120No error (0)www.nodejs.org104.20.22.46A (IP address)IN (0x0001)false
                                      Aug 27, 2024 09:28:18.379633904 CEST1.1.1.1192.168.2.40x4178No error (0)nodejs.org104.20.22.46A (IP address)IN (0x0001)false
                                      Aug 27, 2024 09:28:18.379633904 CEST1.1.1.1192.168.2.40x4178No error (0)nodejs.org104.20.23.46A (IP address)IN (0x0001)false

                                      HTTP Request Dependency Graph

                                      • getsolara.dev
                                      • pastebin.com
                                      • clientsettings.roblox.com
                                      • www.nodejs.org

                                      HTTPS Proxied Packets

                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      0192.168.2.449730172.67.203.1254437484C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe
                                      TimestampBytes transferredDirectionData
                                      2024-08-27 07:28:11 UTC81OUTGET /asset/discord.json HTTP/1.1
                                      Host: getsolara.dev
                                      Connection: Keep-Alive
                                      2024-08-27 07:28:11 UTC833INHTTP/1.1 200 OK
                                      Date: Tue, 27 Aug 2024 07:28:11 GMT
                                      Content-Type: application/json
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Access-Control-Allow-Origin: *
                                      Cache-Control: public, max-age=0, must-revalidate
                                      ETag: W/"8be3c6707c8ef32b379b1028057eeca2"
                                      referrer-policy: strict-origin-when-cross-origin
                                      x-content-type-options: nosniff
                                      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ans%2FR9DVEBEjqZtMq%2BE8IOw5OvaggUhJhU8bjl5BX%2Fcl42rgj4io2kirNh3dM9QTq1x83SjZsQGSMUR7Qx836tL7NDZqyy0h83D7aLaBKMiBI4r8S%2BEkYMa4RlI9e1TK"}],"group":"cf-nel","max_age":604800}
                                      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                      Vary: Accept-Encoding
                                      CF-Cache-Status: DYNAMIC
                                      Strict-Transport-Security: max-age=0
                                      Server: cloudflare
                                      CF-RAY: 8b9a57e5a9f832e8-EWR
                                      alt-svc: h3=":443"; ma=86400
                                      2024-08-27 07:28:11 UTC109INData Raw: 36 37 0d 0a 7b 0a 20 20 20 20 22 61 72 67 73 22 20 3a 20 7b 0a 20 20 20 20 20 20 20 22 63 6f 64 65 22 20 3a 20 22 50 62 70 35 56 73 77 7a 6d 57 22 0a 20 20 20 20 7d 2c 0a 20 20 20 20 22 63 6d 64 22 20 3a 20 22 49 4e 56 49 54 45 5f 42 52 4f 57 53 45 52 22 2c 0a 20 20 20 20 22 6e 6f 6e 63 65 22 20 3a 20 22 2e 22 0a 20 7d 0d 0a
                                      Data Ascii: 67{ "args" : { "code" : "Pbp5VswzmW" }, "cmd" : "INVITE_BROWSER", "nonce" : "." }
                                      2024-08-27 07:28:11 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      1192.168.2.449732104.20.3.2354437484C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe
                                      TimestampBytes transferredDirectionData
                                      2024-08-27 07:28:13 UTC74OUTGET /raw/ZESVzSgK HTTP/1.1
                                      Host: pastebin.com
                                      Connection: Keep-Alive
                                      2024-08-27 07:28:13 UTC397INHTTP/1.1 200 OK
                                      Date: Tue, 27 Aug 2024 07:28:13 GMT
                                      Content-Type: text/plain; charset=utf-8
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      x-frame-options: DENY
                                      x-content-type-options: nosniff
                                      x-xss-protection: 1;mode=block
                                      cache-control: public, max-age=1801
                                      CF-Cache-Status: HIT
                                      Age: 815
                                      Last-Modified: Tue, 27 Aug 2024 07:14:38 GMT
                                      Server: cloudflare
                                      CF-RAY: 8b9a57f6884e5e74-EWR
                                      2024-08-27 07:28:13 UTC524INData Raw: 32 30 35 0d 0a 7b 0d 0a 20 20 20 20 22 42 6f 6f 74 73 74 72 61 70 70 65 72 56 65 72 73 69 6f 6e 22 3a 20 22 31 2e 31 37 22 2c 0d 0a 20 20 20 20 22 53 75 70 70 6f 72 74 65 64 43 6c 69 65 6e 74 22 3a 20 22 76 65 72 73 69 6f 6e 2d 38 36 63 33 35 39 37 61 38 37 66 34 34 39 35 65 22 2c 0d 0a 20 20 20 20 22 53 6f 66 74 77 61 72 65 56 65 72 73 69 6f 6e 22 3a 20 22 33 2e 31 30 34 22 2c 0d 0a 20 20 20 20 22 42 6f 6f 74 73 74 72 61 70 70 65 72 55 72 6c 22 3a 20 22 68 74 74 70 73 3a 2f 2f 34 63 32 30 36 37 32 30 2e 73 6f 6c 61 72 61 77 65 62 2d 61 6c 6a 2e 70 61 67 65 73 2e 64 65 76 2f 64 6f 77 6e 6c 6f 61 64 2f 73 74 61 74 69 63 2f 66 69 6c 65 73 2f 42 6f 6f 74 73 74 72 61 70 70 65 72 2e 65 78 65 22 2c 0d 0a 20 20 20 20 22 53 6f 66 74 77 61 72 65 55 72 6c 22 3a 22
                                      Data Ascii: 205{ "BootstrapperVersion": "1.17", "SupportedClient": "version-86c3597a87f4495e", "SoftwareVersion": "3.104", "BootstrapperUrl": "https://4c206720.solaraweb-alj.pages.dev/download/static/files/Bootstrapper.exe", "SoftwareUrl":"
                                      2024-08-27 07:28:13 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      2192.168.2.449733128.116.123.34437484C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe
                                      TimestampBytes transferredDirectionData
                                      2024-08-27 07:28:14 UTC119OUTGET /v2/client-version/WindowsPlayer/channel/live HTTP/1.1
                                      Host: clientsettings.roblox.com
                                      Connection: Keep-Alive
                                      2024-08-27 07:28:15 UTC576INHTTP/1.1 200 OK
                                      content-length: 119
                                      content-type: application/json; charset=utf-8
                                      date: Tue, 27 Aug 2024 07:28:14 GMT
                                      server: Kestrel
                                      cache-control: no-cache
                                      strict-transport-security: max-age=3600
                                      x-frame-options: SAMEORIGIN
                                      roblox-machine-id: 90acd476-984a-a3df-2d47-c508d7890d89
                                      x-roblox-region: us-central_rbx
                                      x-roblox-edge: fra2
                                      report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://ncs.roblox.com/upload"}]}
                                      nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1}
                                      connection: close
                                      2024-08-27 07:28:15 UTC119INData Raw: 7b 22 76 65 72 73 69 6f 6e 22 3a 22 30 2e 36 33 39 2e 30 2e 36 33 39 30 36 39 32 22 2c 22 63 6c 69 65 6e 74 56 65 72 73 69 6f 6e 55 70 6c 6f 61 64 22 3a 22 76 65 72 73 69 6f 6e 2d 38 36 63 33 35 39 37 61 38 37 66 34 34 39 35 65 22 2c 22 62 6f 6f 74 73 74 72 61 70 70 65 72 56 65 72 73 69 6f 6e 22 3a 22 31 2c 20 36 2c 20 30 2c 20 36 33 39 30 36 39 32 22 7d
                                      Data Ascii: {"version":"0.639.0.6390692","clientVersionUpload":"version-86c3597a87f4495e","bootstrapperVersion":"1, 6, 0, 6390692"}


                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                      3192.168.2.449734104.20.23.464437484C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe
                                      TimestampBytes transferredDirectionData
                                      2024-08-27 07:28:17 UTC99OUTGET /dist/v18.16.0/node-v18.16.0-x64.msi HTTP/1.1
                                      Host: www.nodejs.org
                                      Connection: Keep-Alive
                                      2024-08-27 07:28:18 UTC497INHTTP/1.1 307 Temporary Redirect
                                      Date: Tue, 27 Aug 2024 07:28:18 GMT
                                      Content-Type: text/plain
                                      Transfer-Encoding: chunked
                                      Connection: close
                                      Cache-Control: public, max-age=0, must-revalidate
                                      location: https://nodejs.org/dist/v18.16.0/node-v18.16.0-x64.msi
                                      strict-transport-security: max-age=31536000; includeSubDomains; preload
                                      x-vercel-id: iad1::pdhtl-1724743698308-a4ba0c634d3d
                                      CF-Cache-Status: DYNAMIC
                                      X-Content-Type-Options: nosniff
                                      Server: cloudflare
                                      CF-RAY: 8b9a5810ed8dc33c-EWR
                                      2024-08-27 07:28:18 UTC20INData Raw: 66 0d 0a 52 65 64 69 72 65 63 74 69 6e 67 2e 2e 2e 0a 0d 0a
                                      Data Ascii: fRedirecting...
                                      2024-08-27 07:28:18 UTC5INData Raw: 30 0d 0a 0d 0a
                                      Data Ascii: 0


                                      Statistics

                                      CPU Usage

                                      Click to jump to process

                                      Memory Usage

                                      Click to jump to process

                                      High Level Behavior Distribution

                                      Click to dive into process behavior distribution

                                      Behavior

                                      Click to jump to process

                                      System Behavior

                                      General

                                      Target ID:0
                                      Start time:03:28:08
                                      Start date:27/08/2024
                                      Path:C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe
                                      Wow64 process (32bit):false
                                      Commandline:"C:\Users\user\Desktop\SecuriteInfo.com.Win64.MalwareX-gen.4290.27796.exe"
                                      Imagebase:0x27ca6590000
                                      File size:815'104 bytes
                                      MD5 hash:4B94B989B0FE7BEC6311153B309DFE81
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:low
                                      Has exited:true

                                      General

                                      Target ID:1
                                      Start time:03:28:08
                                      Start date:27/08/2024
                                      Path:C:\Windows\System32\conhost.exe
                                      Wow64 process (32bit):false
                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                      Imagebase:0x7ff7699e0000
                                      File size:862'208 bytes
                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true

                                      General

                                      Target ID:5
                                      Start time:03:28:18
                                      Start date:27/08/2024
                                      Path:C:\Windows\System32\WerFault.exe
                                      Wow64 process (32bit):false
                                      Commandline:C:\Windows\system32\WerFault.exe -u -p 7484 -s 2172
                                      Imagebase:0x7ff638990000
                                      File size:570'736 bytes
                                      MD5 hash:FD27D9F6D02763BDE32511B5DF7FF7A0
                                      Has elevated privileges:true
                                      Has administrator privileges:true
                                      Programmed in:C, C++ or other language
                                      Reputation:high
                                      Has exited:true

                                      Disassembly

                                      Reset < >

                                        Executed Functions

                                        Function 00007FFD9B8A6F30 Relevance: 2.1, Strings: 1, Instructions: 888COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: \
                                        • API String ID: 0-2967466578
                                        • Opcode ID: b5381f15d6695d2ad762df1684fc91e94e6792cc47c0a01d30b8798f50d279c7
                                        • Instruction ID: 45b5b1e4d0b4420ed43a202286445bc718af565820643c752083757fe598f19b
                                        • Opcode Fuzzy Hash: b5381f15d6695d2ad762df1684fc91e94e6792cc47c0a01d30b8798f50d279c7
                                        • Instruction Fuzzy Hash: 43425330B0DA094FE769DB6884A567977D2EF9D300F0541BED49FC32A7DD28B94283A1
                                        Function 00007FFD9B895970 Relevance: .5, Instructions: 486COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: aedeb3464b0832397a6485097413037c2a9b629ecd4744a77edc63b04c144883
                                        • Instruction ID: 5f7163582937210a6df2ecc00225e9d3f87f06e516b50ac26e5ed7c7f97c2ee3
                                        • Opcode Fuzzy Hash: aedeb3464b0832397a6485097413037c2a9b629ecd4744a77edc63b04c144883
                                        • Instruction Fuzzy Hash: E8F1B531A1DF498FEB68EB1884556B6B7D2FFA8340F00457EE48DC32A6DE34B8418742
                                        Function 00007FFD9B8A210D Relevance: .5, Instructions: 468COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 000e002827bd6e5d036b394155cd2adb523a0532cdcfcb5b013a9f1a53c95ed5
                                        • Instruction ID: 79f53519411c7437806029e143f2bff13173ce7dd6ec2d462acdfad9c71e4802
                                        • Opcode Fuzzy Hash: 000e002827bd6e5d036b394155cd2adb523a0532cdcfcb5b013a9f1a53c95ed5
                                        • Instruction Fuzzy Hash: D102F83061DB898FD369CF68C1546A2BBE1FF69300F0586AED49AC72A2DE30F545CB51
                                        Function 00007FFD9B896850 Relevance: .4, Instructions: 380COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e073b0dcc93ae442d89b2c2d8951fb15421ae0c1f713b30f3aa147f2e789393d
                                        • Instruction ID: a6e658eea1bf763525eae30212cd59ac338c251f459e27dfebfa68598da3ad00
                                        • Opcode Fuzzy Hash: e073b0dcc93ae442d89b2c2d8951fb15421ae0c1f713b30f3aa147f2e789393d
                                        • Instruction Fuzzy Hash: 22C17F35B19A4D4FDFD4EF6CC859AAA3BE1FF6D350B01017AE449D32A1DA24E9418780
                                        Function 00007FFD9B8AA500 Relevance: 2.1, Strings: 1, Instructions: 809COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: d
                                        • API String ID: 0-2564639436
                                        • Opcode ID: f96f16dd5fdba706c53126aaffbcd4c429f7db284c5dd4008988a107af7ed8e8
                                        • Instruction ID: d6c2dc3599e7fdd04fa0ce209aef1cd17c037e593bdbb0873f7b715cbc06a4d2
                                        • Opcode Fuzzy Hash: f96f16dd5fdba706c53126aaffbcd4c429f7db284c5dd4008988a107af7ed8e8
                                        • Instruction Fuzzy Hash: 4142F631B19A4D4FE769DBACD8657B9B7E1FF98300F0501BAD04DC32A2DE34A9428B50
                                        Function 00007FFD9B89C41F Relevance: 1.8, Strings: 1, Instructions: 570COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: ^
                                        • API String ID: 0-1590793086
                                        • Opcode ID: a9d3a6e0ad07780673e80992ce686b1aff9859cd6528cd4855b625b164dc43c0
                                        • Instruction ID: c0a564646407717287df40b846126ed2249adcb0564a350840645bfd4ca4d3a1
                                        • Opcode Fuzzy Hash: a9d3a6e0ad07780673e80992ce686b1aff9859cd6528cd4855b625b164dc43c0
                                        • Instruction Fuzzy Hash: 20F10621B09E4D4FEFA8EB6C8468AB47BD1EF68340B0541BAD40DC72A7DD25ED458781
                                        Function 00007FFD9B896968 Relevance: 1.6, Strings: 1, Instructions: 387COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: L_^
                                        • API String ID: 0-925995230
                                        • Opcode ID: 0328e3ba0193903f97fa20e591d1728db312fade46a01a5b0647a71e95cfa487
                                        • Instruction ID: f8765abdcabf1c731148bf6f15c6af23e9e3e2ee600ddd536e71916e2bba0e71
                                        • Opcode Fuzzy Hash: 0328e3ba0193903f97fa20e591d1728db312fade46a01a5b0647a71e95cfa487
                                        • Instruction Fuzzy Hash: 99C1692270EA894FE765976CA8292A57BD1EF49350F4501BBC08DC71F3ED24A947C3A1
                                        Function 00007FFD9B898960 Relevance: 1.6, Strings: 1, Instructions: 383COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: d
                                        • API String ID: 0-2564639436
                                        • Opcode ID: 051700634d1b9a038e9f3ea2cd79ee3bb88305b6aac012ed970eda2de9ff2d25
                                        • Instruction ID: 84aa4fc7e53d3c4f1ff76b15649aa8ad949876efe9faf6d7b387ad6f3fdbb366
                                        • Opcode Fuzzy Hash: 051700634d1b9a038e9f3ea2cd79ee3bb88305b6aac012ed970eda2de9ff2d25
                                        • Instruction Fuzzy Hash: 2AC1ED30A1DB0A8FDB29DB58D8A1535BBE1FF98300B15457DD08AC36A6DA35F8438B81
                                        Function 00007FFD9B8A8DE0 Relevance: 1.6, Strings: 1, Instructions: 380COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: d
                                        • API String ID: 0-2564639436
                                        • Opcode ID: 1946165139dc42b95d014f836bc19f1d361b7c4e442736e55c3a36fee319ce2a
                                        • Instruction ID: f5600d2bd635bef8510e22667296cdc0e59bef7bffcd7247bcd315442ef3f8e9
                                        • Opcode Fuzzy Hash: 1946165139dc42b95d014f836bc19f1d361b7c4e442736e55c3a36fee319ce2a
                                        • Instruction Fuzzy Hash: DFC1DD30A1DB4D8FE768DB58D491536B3E1FF98300F14467ED09A83AA6DA35F8438B81
                                        Function 00007FFD9B89A23A Relevance: 1.6, Strings: 1, Instructions: 378COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: d
                                        • API String ID: 0-2564639436
                                        • Opcode ID: c36f10a1b4231807f4f5e4953c045277be3d133f018416060d4e512bbdd7d5e8
                                        • Instruction ID: 082375edc5c554197f43b696c272dd086825d4e7d9e9fff1d54a713bc174a8c9
                                        • Opcode Fuzzy Hash: c36f10a1b4231807f4f5e4953c045277be3d133f018416060d4e512bbdd7d5e8
                                        • Instruction Fuzzy Hash: 5FC12230A1EB4E4FDB6ADB58C864535BBE1FF99300B1545BDD08AC72A2DA35F842C781
                                        Function 00007FFD9B8A8D50 Relevance: 1.6, Strings: 1, Instructions: 370COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: d
                                        • API String ID: 0-2564639436
                                        • Opcode ID: e2d681e14836dec705f068248534cf9a52fcb0d4006a0dcbcd3f943605669243
                                        • Instruction ID: fd653b34978f4239d3416a8ce0479c8937ffbf389b6412eae6424c97f112af5e
                                        • Opcode Fuzzy Hash: e2d681e14836dec705f068248534cf9a52fcb0d4006a0dcbcd3f943605669243
                                        • Instruction Fuzzy Hash: 2DB12231B18B4D4FD728EB4CA4905B6B3E1EF98314F1546BED09AC36A2DA35B8438791
                                        Function 00007FFD9B8A8D60 Relevance: 1.6, Strings: 1, Instructions: 361COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: d
                                        • API String ID: 0-2564639436
                                        • Opcode ID: c8f476c2cb388d5a743e7c01204d2978fb3aab0756223e5b82eff895a22d880b
                                        • Instruction ID: 674c408a59e27423ebd54671d82810fd3a0511d19ce87b6408f7eec8338339bb
                                        • Opcode Fuzzy Hash: c8f476c2cb388d5a743e7c01204d2978fb3aab0756223e5b82eff895a22d880b
                                        • Instruction Fuzzy Hash: 88B11130B18B4D8FD728EB4CD4905B6B3E1EF98314F1546BED09AC36A6DA35B8438791
                                        Function 00007FFD9B890B01 Relevance: 1.5, Strings: 1, Instructions: 280COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: #CN_^
                                        • API String ID: 0-2341464291
                                        • Opcode ID: cd247cb9fde773f81b4805b4951fcddbbd288161d147b2ba03e0df2f2e96b50a
                                        • Instruction ID: 54b931c19d842893475924da7c39c18e0bedc41f6e60b1b21c9c69ec827176e5
                                        • Opcode Fuzzy Hash: cd247cb9fde773f81b4805b4951fcddbbd288161d147b2ba03e0df2f2e96b50a
                                        • Instruction Fuzzy Hash: 83A16E30F1A50D8FEB68EBA8C4746BC7BA2EF89748F150079D01ED72E2CE296941C751
                                        Function 00007FFD9B894689 Relevance: 1.5, Strings: 1, Instructions: 280COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: M
                                        • API String ID: 0-3664761504
                                        • Opcode ID: dd101adcf807fa1745fe8b24a4b4bbaea16acf4f4d2d3c4b470f222570ceb9da
                                        • Instruction ID: ba7dbeb3d436de20bbbf3488f124874642c09364f26042c07e308ea8e887130a
                                        • Opcode Fuzzy Hash: dd101adcf807fa1745fe8b24a4b4bbaea16acf4f4d2d3c4b470f222570ceb9da
                                        • Instruction Fuzzy Hash: B981D553B0FBD94FEB3A57A868651A97F61EF8635070E42FFD088861E7EC0599068381
                                        Function 00007FFD9B895F40 Relevance: 1.5, Strings: 1, Instructions: 212COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: M_H
                                        • API String ID: 0-372873180
                                        • Opcode ID: 21084434d980b4feb9b22e7496e6e8d1171024f37c8030b1778e1e2b715fd846
                                        • Instruction ID: 3fd253f615c0dacc21d2fb777a3517f3da5ad58557aeacbf73333b54922a4a06
                                        • Opcode Fuzzy Hash: 21084434d980b4feb9b22e7496e6e8d1171024f37c8030b1778e1e2b715fd846
                                        • Instruction Fuzzy Hash: FB61E8A2F1965D4FEB59E7ACE875AFC7BA1EF58350F0402B6D00DD71E3EC1868418641
                                        Function 00007FFD9B8A0555 Relevance: 1.5, Strings: 1, Instructions: 209COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: M_^
                                        • API String ID: 0-921959145
                                        • Opcode ID: d71cf7cd7be35bf3e8ad825703129e997254f20dfc1944e14f00df88a89c1e73
                                        • Instruction ID: f36bbe86dec5873a6db81adb89ecd8262caff51cca356e857fe80e7c939110fc
                                        • Opcode Fuzzy Hash: d71cf7cd7be35bf3e8ad825703129e997254f20dfc1944e14f00df88a89c1e73
                                        • Instruction Fuzzy Hash: 9F513953B1F7DA4FD716A77CA8B55E53F61DF53618B0A02FBC0D88B0A3EC14650A8251
                                        Function 00007FFD9B8A0570 Relevance: 1.5, Strings: 1, Instructions: 203COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: M_^
                                        • API String ID: 0-921959145
                                        • Opcode ID: b6b244168196c2a3ca4c15f0f04c0d5e932f429633bb5311d50c1edc73012ae7
                                        • Instruction ID: 0c8d267d6498bca8b759e09ea62a8148814a95655f1b404e7f2e7ab8c720d72b
                                        • Opcode Fuzzy Hash: b6b244168196c2a3ca4c15f0f04c0d5e932f429633bb5311d50c1edc73012ae7
                                        • Instruction Fuzzy Hash: 80513752B1F6CA0FE756A77CA8795E53F51DF56618B0A02FBC0DCCB0E3EC18650A8251
                                        Function 00007FFD9B8AE31D Relevance: 1.5, Strings: 1, Instructions: 201COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: #CN_^
                                        • API String ID: 0-2341464291
                                        • Opcode ID: 75c5b838f7695500ea7fdd3132c9b9dba067e6116df1a8b3acc2625c671109d9
                                        • Instruction ID: 7bd70ba83cbc57075dc9193bb700c261ba1848b5f32c6d5831fe285ae5064c22
                                        • Opcode Fuzzy Hash: 75c5b838f7695500ea7fdd3132c9b9dba067e6116df1a8b3acc2625c671109d9
                                        • Instruction Fuzzy Hash: 6C512931F0E94E4FE769EBA884357B937E1DF59341F0505BAE01DC72E6DE28A9408392
                                        Function 00007FFD9B89AFBD Relevance: 1.4, Strings: 1, Instructions: 199COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: +3
                                        • API String ID: 0-764479715
                                        • Opcode ID: 785d7402bf2621cd27b37eadb6fba2b39d29b3cb0e6732297c84bb396148754b
                                        • Instruction ID: d3eb1b983ecd063e9555d1f2befb4040ba9959092ef0edf89dbb05d20c307884
                                        • Opcode Fuzzy Hash: 785d7402bf2621cd27b37eadb6fba2b39d29b3cb0e6732297c84bb396148754b
                                        • Instruction Fuzzy Hash: 5E412A3270EE0E0FFFA8D64CA8A5AB577C5EB99360B0102BAD41DC71A6ED15ED424380
                                        Function 00007FFD9B8A2A68 Relevance: 1.4, Strings: 1, Instructions: 188COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: oL_H
                                        • API String ID: 0-2124793044
                                        • Opcode ID: 5836aedceedf107b5c54bee1a2af18ebbcba849a84dac93f7cf3b9791e859f65
                                        • Instruction ID: 06262f3322b634204cbbb0498c9ece37fa3ba99be0062b1e4eee47275788e14f
                                        • Opcode Fuzzy Hash: 5836aedceedf107b5c54bee1a2af18ebbcba849a84dac93f7cf3b9791e859f65
                                        • Instruction Fuzzy Hash: C0411812B0EE4E0FE7A9975C6C6D2752BD6DB9E26070542FBD00DC72A6EC09AC4243D1
                                        Function 00007FFD9B8ACBC8 Relevance: 1.4, Strings: 1, Instructions: 185COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: oL_H
                                        • API String ID: 0-2124793044
                                        • Opcode ID: 82fe824bae4f1a38eddc7c1ffc052fa814c586f71ef6c9afd5a253c458786656
                                        • Instruction ID: 82d54fcabdf948f7d5246c525aeb6670b639fcdf8bcc8cc4b544dd93ea2e7e59
                                        • Opcode Fuzzy Hash: 82fe824bae4f1a38eddc7c1ffc052fa814c586f71ef6c9afd5a253c458786656
                                        • Instruction Fuzzy Hash: BC412571B1EB8D0FD7A5976C5C691B53BD5EF9D36070642BBE00CC72A2ED18AC428391
                                        Function 00007FFD9B896910 Relevance: 1.4, Strings: 1, Instructions: 175COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: ^L_L
                                        • API String ID: 0-828350217
                                        • Opcode ID: 5175610e253f14f72334c16d7375fc4ef82db85df83dcc15bcf010afe6278034
                                        • Instruction ID: bb98128636a1bf0e09f361f80d13f908c3afa885b9223db7a6af32fd4d6d2f50
                                        • Opcode Fuzzy Hash: 5175610e253f14f72334c16d7375fc4ef82db85df83dcc15bcf010afe6278034
                                        • Instruction Fuzzy Hash: 56412572B1EA4C4FE7A8DB68985966573D1FFAC311F01017EE44DC32B2EE25A8428341
                                        Function 00007FFD9B8A05FA Relevance: 1.4, Strings: 1, Instructions: 164COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: M_^
                                        • API String ID: 0-921959145
                                        • Opcode ID: fe1450880ef7557c6d725ac99d6778b74b6a5d70d25a4b43894df67e0acd304c
                                        • Instruction ID: 7c0efdc09f29afae1e3d9d0422c5233b17199563c82d5597eb84c0b0f3acdf43
                                        • Opcode Fuzzy Hash: fe1450880ef7557c6d725ac99d6778b74b6a5d70d25a4b43894df67e0acd304c
                                        • Instruction Fuzzy Hash: CD416C53B1F6CE0FD762A76C98785E13F51DF96658B0A02FBC0DCCB0A3EC14650A8291
                                        Function 00007FFD9B8ADE5C Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: ^L_L
                                        • API String ID: 0-828350217
                                        • Opcode ID: edac5441e0323c8c8abc77a4508da2c01b4e312af9363e9ae4c7153ac01caa90
                                        • Instruction ID: 4179ad0e68c71e0182cef42d438f5c169051cc8f1b8e29daebb4d996b3695c67
                                        • Opcode Fuzzy Hash: edac5441e0323c8c8abc77a4508da2c01b4e312af9363e9ae4c7153ac01caa90
                                        • Instruction Fuzzy Hash: 4C315832B0EA4D0FE768AB6C986916537D1EF6D350B06017EE44CC32B3ED29AC46C341
                                        Function 00007FFD9B8AE615 Relevance: 1.3, Strings: 1, Instructions: 91COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: #CN_^
                                        • API String ID: 0-2341464291
                                        • Opcode ID: a0fe7bdfb394302070eb1f30fde5455379988dbe8911656dfbcb256308bce795
                                        • Instruction ID: 246e393e97276acd69f8d1d425ce039eee82a5a601edbab13487403264bc6392
                                        • Opcode Fuzzy Hash: a0fe7bdfb394302070eb1f30fde5455379988dbe8911656dfbcb256308bce795
                                        • Instruction Fuzzy Hash: AD21F721F0F68A0FE75AA7A488346F47BA1DF4A744B1A05FAC04CCB5F7C82C5945C362
                                        Function 00007FFD9B8AE729 Relevance: 1.3, Strings: 1, Instructions: 60COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: #CN_^
                                        • API String ID: 0-2341464291
                                        • Opcode ID: 017021b2e5b2fa6884d6931ff579716cdc103423050383e9a6c741465f3dced5
                                        • Instruction ID: 0ea8da9a4cd26259d027f0732cb38aaa6e15f4720ad910cb52b6a181ad409342
                                        • Opcode Fuzzy Hash: 017021b2e5b2fa6884d6931ff579716cdc103423050383e9a6c741465f3dced5
                                        • Instruction Fuzzy Hash: 1911AF20F1F68A4FE7A997A484756B83FA19F4B345F5A04FED049CB1F3DD2869048322
                                        Function 00007FFD9B89630A Relevance: 1.3, Strings: 1, Instructions: 41COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: H
                                        • API String ID: 0-2852464175
                                        • Opcode ID: 595060459c09636346e5520eb7b1893cdd4b4fca7838b9ffef24c323cf0ff854
                                        • Instruction ID: 1676e57afe5d99a2923479efc0754f79ddf6080b9e4d89da7511d97961ddf79a
                                        • Opcode Fuzzy Hash: 595060459c09636346e5520eb7b1893cdd4b4fca7838b9ffef24c323cf0ff854
                                        • Instruction Fuzzy Hash: 18F0E962B15E0B4FEB98AA9C54D44F4B392FBA8380750417BD01AC3196EE24B9428380
                                        Function 00007FFD9B8AEEB0 Relevance: .9, Instructions: 943COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c47bf947d916c3c61cfb663b8886cc48c7a1f5f9224ca2b8ccb1aa2b3ec7b286
                                        • Instruction ID: 3e0ac4e42712444a742308b4586c3791f07c655b37a8e89785d85b961474a994
                                        • Opcode Fuzzy Hash: c47bf947d916c3c61cfb663b8886cc48c7a1f5f9224ca2b8ccb1aa2b3ec7b286
                                        • Instruction Fuzzy Hash: D401845250F3D50FE72767A848361A87FA09F57204F4A45FBD0C88B4E3C91C6A458362
                                        Function 00007FFD9B896970 Relevance: .9, Instructions: 865COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 03b7cd493f7e1693e0b59d41b98297a5db57092463e44c6f56d33d9798499b24
                                        • Instruction ID: 99729c2f2897886660b926c589f6fd20609f3c1b64893849451c171c1da765b8
                                        • Opcode Fuzzy Hash: 03b7cd493f7e1693e0b59d41b98297a5db57092463e44c6f56d33d9798499b24
                                        • Instruction Fuzzy Hash: 43528130B1DA4D8FDFA8EF58C869AA937E2FF6C344F010579E44DD72A1DA24E9418750
                                        Function 00007FFD9B8959F0 Relevance: .6, Instructions: 629COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c918077acbb278189b9f6ae6da31dd3f4e34cb5a8eca31aad586336786a74a22
                                        • Instruction ID: a891f7779fb826dfef5a33f4521f6f9f103dba303f735d3b77d27e1c1bd83a9e
                                        • Opcode Fuzzy Hash: c918077acbb278189b9f6ae6da31dd3f4e34cb5a8eca31aad586336786a74a22
                                        • Instruction Fuzzy Hash: E902C721B19E4E0FEFACAB6C946567837D2EF9C350B0501BAE44DC72E6ED18BD424381
                                        Function 00007FFD9B8969A8 Relevance: .6, Instructions: 593COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 1a8aadd312681df32fac6b0937cdc53650b8dfed82c096f53a3c166db9ed1477
                                        • Instruction ID: d79ffbd0583f18a9218ff81726308e0b5ea2b6955d2f9f864f5970c7530ba7d3
                                        • Opcode Fuzzy Hash: 1a8aadd312681df32fac6b0937cdc53650b8dfed82c096f53a3c166db9ed1477
                                        • Instruction Fuzzy Hash: A202087070DA498FDB69DB28D4A46B97BE1FF99300F14427ED48EC32A6DE34A941C781
                                        Function 00007FFD9B8A5CB0 Relevance: .6, Instructions: 572COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 033331af831150be92eac54191214a5f9bab55a8c98e15d4ec3fe383d656a015
                                        • Instruction ID: 28d8a2f3a159a4e51492310e06629d9be2c7150f17a3963874ebd9e8069496bb
                                        • Opcode Fuzzy Hash: 033331af831150be92eac54191214a5f9bab55a8c98e15d4ec3fe383d656a015
                                        • Instruction Fuzzy Hash: 59026C70B0DB4D4FDB69EB6C88655B97BE1EF99310B0501BEE44AC32B7DE24AD018781
                                        Function 00007FFD9B8A649D Relevance: .5, Instructions: 535COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: ab66eea31019da1643a5ebebf15db20548612059ffd1d6daeaafd700a1251deb
                                        • Instruction ID: edf1147ed644041a32a2ffd1bde5d5a594800d3202093f2bce106e15e6fd0400
                                        • Opcode Fuzzy Hash: ab66eea31019da1643a5ebebf15db20548612059ffd1d6daeaafd700a1251deb
                                        • Instruction Fuzzy Hash: A0F13961F1DA4D4FEB689B6898752B837D2EF9D350F0601B9D40DC32EBED28AD418391
                                        Function 00007FFD9B8972A8 Relevance: .5, Instructions: 528COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: ef6a53a90497193dfc31010e9bc902cff8c845701e9fa6798287e2534b38ce61
                                        • Instruction ID: 675e2aa5e4a0123d70d435bf7ad3ebdbd09e6c4ea20b9ea7b63acf27130abbe9
                                        • Opcode Fuzzy Hash: ef6a53a90497193dfc31010e9bc902cff8c845701e9fa6798287e2534b38ce61
                                        • Instruction Fuzzy Hash: 87E11731B1E94D4FEB98EB5C986567837D1EF5A350B0501BAE44EC32A7ED24EC42C391
                                        Function 00007FFD9B8AEED3 Relevance: .5, Instructions: 513COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f5528d37a18e4c252e4eca3af95fa4444fb261428a0e7eab617d6916d98cef0b
                                        • Instruction ID: 90b19cd8e71df2432db3e2cf1bae52c6f9b34de8e458f4e3739d389f53eeb979
                                        • Opcode Fuzzy Hash: f5528d37a18e4c252e4eca3af95fa4444fb261428a0e7eab617d6916d98cef0b
                                        • Instruction Fuzzy Hash: 8D1190A510F3C40FD7179B6858B11987FA0EF47204F4A00FFE4D88B0A3D6684A0AC352
                                        Function 00007FFD9B8AA3E8 Relevance: .5, Instructions: 493COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: eaa121cf7f242d187b9255101999c41b9cf78097bf694891948f26bb83a81b35
                                        • Instruction ID: 4693beec034abc28a7237aa48e050504c780ef560c0516ddb58f590297d72344
                                        • Opcode Fuzzy Hash: eaa121cf7f242d187b9255101999c41b9cf78097bf694891948f26bb83a81b35
                                        • Instruction Fuzzy Hash: AFF1F471F0991D8BE769EBACE8657E8B7A0FF58354F4401B6D04CD3193EE3469828B60
                                        Function 00007FFD9B8AA3E2 Relevance: .5, Instructions: 490COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: bb8387a9b250ca46536cd566072febfab95ac8a56b8758ae2440ab4bc58de88e
                                        • Instruction ID: 8f8456fa110db7ad111fb5660db3c19ef8b5ab724fa90dba6fa70f522cb60a6b
                                        • Opcode Fuzzy Hash: bb8387a9b250ca46536cd566072febfab95ac8a56b8758ae2440ab4bc58de88e
                                        • Instruction Fuzzy Hash: DAF1F471F0995D8BE769EBACE8657ECB7A0FF58314F4401B6D04CD3192EE3469828B60
                                        Function 00007FFD9B8A4859 Relevance: .4, Instructions: 433COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e6ef82b79d7e0160d26f0296180688d9e18dd96dc492455b41c29148a661c88a
                                        • Instruction ID: 4cb737c2b4ab07e6e224d94a9a6548df472835090e96d99c93159a7f7872d870
                                        • Opcode Fuzzy Hash: e6ef82b79d7e0160d26f0296180688d9e18dd96dc492455b41c29148a661c88a
                                        • Instruction Fuzzy Hash: B9D1F621B0EA4A4AFB7957A854B12B977D1EF8D300F2A417EC04FC71E2DD2D7A4243A1
                                        Function 00007FFD9B8A63AC Relevance: .4, Instructions: 429COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 41f37463e0be9554d231d2c70fab41e9f0ee0c8a0bbd766f24c0ecc054be4a21
                                        • Instruction ID: 080c3df60503a1cd75040fce3c79b7dd007737001c3a2f6b6ede8f78ae53b976
                                        • Opcode Fuzzy Hash: 41f37463e0be9554d231d2c70fab41e9f0ee0c8a0bbd766f24c0ecc054be4a21
                                        • Instruction Fuzzy Hash: DDC10970B1DA4D4FEB95EB6C84A567837E2EF9D350B0601BAD44DC72E7DD28AC018351
                                        Function 00007FFD9B894C80 Relevance: .4, Instructions: 396COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b883ee3cf6a1126c177dc15e3a4ebc20385cf7c8062d56a2253a77bea883d36d
                                        • Instruction ID: 6b7ef7e81c2702ddac2976eb2c53dc406042a66e03c2734f273ee89efc350305
                                        • Opcode Fuzzy Hash: b883ee3cf6a1126c177dc15e3a4ebc20385cf7c8062d56a2253a77bea883d36d
                                        • Instruction Fuzzy Hash: 0BB1C621B0EB4E4FEBA9DBAC98746B83BD1EF59300B4940FAD44DC72A7DD54AD458340
                                        Function 00007FFD9B8984D5 Relevance: .4, Instructions: 388COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9b4c04989f8acf6a56fe3254cf232cd50e964d515d1472750a07bab896ef75f8
                                        • Instruction ID: ae8eb01898508dba5b2c84e6ce1ae932aecc052f6d1a9a2895bd9dc5fb8235ee
                                        • Opcode Fuzzy Hash: 9b4c04989f8acf6a56fe3254cf232cd50e964d515d1472750a07bab896ef75f8
                                        • Instruction Fuzzy Hash: 25A1BF21B0ED0E4FEEF4EB5C94A4A6477D2FF5C36071506BAD44EC72A6D925ED428340
                                        Function 00007FFD9B897298 Relevance: .4, Instructions: 384COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c9ad4f52f8e359dafdccec638ff1d702b6c4b5a627bede8e9a71b13dcacceca4
                                        • Instruction ID: ba74d614d1701b2b04cd129c331b6990a709c3ff43a48376d6463cc284e12a7c
                                        • Opcode Fuzzy Hash: c9ad4f52f8e359dafdccec638ff1d702b6c4b5a627bede8e9a71b13dcacceca4
                                        • Instruction Fuzzy Hash: A2A11932B0EA4E4FEBA5EBAC54B52B57BD2EF9E35070501BAD44DC31A2DD18AD06C350
                                        Function 00007FFD9B89F006 Relevance: .4, Instructions: 383COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: dc4147c61e51dbb78ba04f24e7cfaf8ba18f1ce52a8abd13bc0f0d222ab24028
                                        • Instruction ID: c1f2ead8536b1888b02c982798c4f5b032ad0d91f06a2f9bd4d2f8bbc7aa5612
                                        • Opcode Fuzzy Hash: dc4147c61e51dbb78ba04f24e7cfaf8ba18f1ce52a8abd13bc0f0d222ab24028
                                        • Instruction Fuzzy Hash: 23C18570A1DF494FEB68EF6884556B677D2FFA8300F05457EE48DC32A6DE34A8418742
                                        Function 00007FFD9B8979A8 Relevance: .4, Instructions: 364COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f1bd2e49ea7706eae12e7131cac22a3ec8a9fbfd4ede39e1ec6592a41cac4572
                                        • Instruction ID: 2a37761dd4903b76ef67849928b4fd0f092cf7312b0af198813146c70ad26319
                                        • Opcode Fuzzy Hash: f1bd2e49ea7706eae12e7131cac22a3ec8a9fbfd4ede39e1ec6592a41cac4572
                                        • Instruction Fuzzy Hash: 6BA1F721B1D91D0FEBA4EB5CA8657B577C1EF9C360F0601BBE44DC72A5EE189D824381
                                        Function 00007FFD9B8968D0 Relevance: .4, Instructions: 359COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 826d5e9c88ade043a08eb60fa788f72b7931dad1e59bdd7cf4036afa0cbc196e
                                        • Instruction ID: 430581692672a145b940afab5fe727f368695f6ecd70653a7bd8d6b3c565dbba
                                        • Opcode Fuzzy Hash: 826d5e9c88ade043a08eb60fa788f72b7931dad1e59bdd7cf4036afa0cbc196e
                                        • Instruction Fuzzy Hash: 43A1E671B1CA0C4FEB68DB5CAC596B877D1EB9D710F05017EE04AD32A2DA25F8418B82
                                        Function 00007FFD9B8A0873 Relevance: .4, Instructions: 352COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: ce1f6fd4eb24e3acda3e917b44b803cd48841416cc847c452ade3a3245e5d944
                                        • Instruction ID: e47571709651e24dba225a815e3cf440c86aa402e58d8629f5aee4e8fcd4c2ec
                                        • Opcode Fuzzy Hash: ce1f6fd4eb24e3acda3e917b44b803cd48841416cc847c452ade3a3245e5d944
                                        • Instruction Fuzzy Hash: F2B10961F2E94E4FFBA4DB9858B56B827D2EF9D744F1A00B9E44DC31F2DD24A9028311
                                        Function 00007FFD9B8AEAA9 Relevance: .3, Instructions: 339COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: fdaeb755ca1e2f1765845ec621da948124f6a3186884a4bd642e81be0097e818
                                        • Instruction ID: 8065eb7a8db3f8476a165895b8f7e2f3a5b4f9cfc18983d2eb701fe3601e4a0a
                                        • Opcode Fuzzy Hash: fdaeb755ca1e2f1765845ec621da948124f6a3186884a4bd642e81be0097e818
                                        • Instruction Fuzzy Hash: 95913872B0DA4D0FE7A8DBAC98A567577D1EF99351B15007AE04DC32A6EE24AC038391
                                        Function 00007FFD9B899793 Relevance: .3, Instructions: 337COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 12169217a8265d5aab559cfdb1acd1c2edb4d96f4c20082e625d11366601d82d
                                        • Instruction ID: 7c73737991b2e7569d31457096954ad6132f6d6e7149c1db9660610290ba1e77
                                        • Opcode Fuzzy Hash: 12169217a8265d5aab559cfdb1acd1c2edb4d96f4c20082e625d11366601d82d
                                        • Instruction Fuzzy Hash: 1DC16571E15A5D8FEBA9DB58D8997E8B7B1FF58340F4101FAA40DD3292DE346E818B00
                                        Function 00007FFD9B89EB7F Relevance: .3, Instructions: 333COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: fafc6138991a2bb5b4ea50ccb924bc2451da8a3d2d73b44ed209e1347eb1e26b
                                        • Instruction ID: ddf7c558d92d10d2f8fcf0ec5b63791e07a1e0dfcd0303c310303afe78275f0f
                                        • Opcode Fuzzy Hash: fafc6138991a2bb5b4ea50ccb924bc2451da8a3d2d73b44ed209e1347eb1e26b
                                        • Instruction Fuzzy Hash: F5313032B0DB498FE724E75898595F4BFD0EF98311F1506BBD04DC34E2DD24A5498342
                                        Function 00007FFD9B893DB0 Relevance: .3, Instructions: 332COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: fae5fcd36bd6cea1f31a1074cc8bd08d9c38449cb3085b88b6ccba615b1d46d5
                                        • Instruction ID: 231e70ba9ca681dbbc4207c603586ecdb2480edfcfd0160272aadd9364b02386
                                        • Opcode Fuzzy Hash: fae5fcd36bd6cea1f31a1074cc8bd08d9c38449cb3085b88b6ccba615b1d46d5
                                        • Instruction Fuzzy Hash: F2B10621B0E74E4FE778ABA844A42B977D1EF49310F0641BBD45EC71E3ED2CA9468361
                                        Function 00007FFD9B8963E9 Relevance: .3, Instructions: 331COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: bccde5b3381c805bb696772bad32033ac57d48ee3c78fcd7f7ae451a80ad7103
                                        • Instruction ID: ec3a6f88ed26fb898f82ac21695b1e4fa6c2eeb92a42e6ea451f008cda4b9e36
                                        • Opcode Fuzzy Hash: bccde5b3381c805bb696772bad32033ac57d48ee3c78fcd7f7ae451a80ad7103
                                        • Instruction Fuzzy Hash: EB917F62A0FBC90FDB5B8B7498745647FB0EF5724070E41EBD488CB1E7DA18A90AC752
                                        Function 00007FFD9B892FF2 Relevance: .3, Instructions: 324COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: dca4a91d8f6e4f1b6d17964bab0609425ea92bdec833d5225d7913eb6d715b0d
                                        • Instruction ID: 417088c063744bf74b5082ea90f595831a669f16f3c4a3784448e4a8cbf9d2c6
                                        • Opcode Fuzzy Hash: dca4a91d8f6e4f1b6d17964bab0609425ea92bdec833d5225d7913eb6d715b0d
                                        • Instruction Fuzzy Hash: 8E913253B0D6B68AE31A77FCB8795E97F50CF85379B0841B7D18D8A0D7A848248783D1
                                        Function 00007FFD9B89A664 Relevance: .3, Instructions: 307COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d25480ea19fda175968f37c2fcb0c3e81ecfbed3e615c7bec08f85f0ee875878
                                        • Instruction ID: f92b374335f099e06afb06f0ec3840261dcd0f495c5da6938ade2322b4c0393b
                                        • Opcode Fuzzy Hash: d25480ea19fda175968f37c2fcb0c3e81ecfbed3e615c7bec08f85f0ee875878
                                        • Instruction Fuzzy Hash: 44912230B19B4E5FDB68DB6894A55B57BE0FF99310B10467ED09AC31A6EE34F8438780
                                        Function 00007FFD9B8AACE4 Relevance: .3, Instructions: 307COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 40e8556392744d93f63446e1e7d0796f0f6475a80277cf0bdb24529b717654d1
                                        • Instruction ID: ac2aaddd0682efc4cac782fd86ed37f99e1a9330e0ebf809410a55c02ec50179
                                        • Opcode Fuzzy Hash: 40e8556392744d93f63446e1e7d0796f0f6475a80277cf0bdb24529b717654d1
                                        • Instruction Fuzzy Hash: 66912130B19B4E4FD768DB6C94A15B6B7E0EF99310F14467ED09AC35A6EE34F8428780
                                        Function 00007FFD9B89B280 Relevance: .3, Instructions: 290COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 648d9989b977fe97b7191642cef2198bf4d98cddd0dd973305335ec9e056a9e3
                                        • Instruction ID: 581c29c66b09e83f71242146bc4f63c8fef66fa9808bed41906b3d1e7efb5a5b
                                        • Opcode Fuzzy Hash: 648d9989b977fe97b7191642cef2198bf4d98cddd0dd973305335ec9e056a9e3
                                        • Instruction Fuzzy Hash: 8E711522B1ED4E0FEBA5D6AC64692753BC5EFAC361B2501BBE44DC32A5DD14DD438380
                                        Function 00007FFD9B8A8E68 Relevance: .3, Instructions: 290COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 2d6eb3c3a8d6e35b821d6b0724388a5b15355b40071bb5655b9f72fb509b5ff5
                                        • Instruction ID: 1b6c19568eccfe037f12a31b434c901d5c65fe6b72d51be8f8e77058db63c024
                                        • Opcode Fuzzy Hash: 2d6eb3c3a8d6e35b821d6b0724388a5b15355b40071bb5655b9f72fb509b5ff5
                                        • Instruction Fuzzy Hash: 2481423061DB8D8FD768EB6894945B577E0EF99310F14067EE48AC36A2EE34F8428791
                                        Function 00007FFD9B89590A Relevance: .3, Instructions: 289COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: ab9d017bd14a47cf4ce102e840aa25d21c1ba0d73dfe1f8b7e557efeb5adb1e4
                                        • Instruction ID: b86a95dec8763917c17881b3995cfde74927453e82e704bf662ef0a81411e867
                                        • Opcode Fuzzy Hash: ab9d017bd14a47cf4ce102e840aa25d21c1ba0d73dfe1f8b7e557efeb5adb1e4
                                        • Instruction Fuzzy Hash: 4D913A32A1DE4A4FEB68E75884A47B5BBD1FF68340F1546BAD04EC34E2DD38B9498341
                                        Function 00007FFD9B893A1D Relevance: .3, Instructions: 287COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 982472915ab819e7c3ee34372fa9fb5d78faf277e1bb058bfcd8ffe0c6f89780
                                        • Instruction ID: 9cc1e1e4c4f0576bf27f3a04b85f3a5ae44477f531e0bd20acb49ce666e2ea93
                                        • Opcode Fuzzy Hash: 982472915ab819e7c3ee34372fa9fb5d78faf277e1bb058bfcd8ffe0c6f89780
                                        • Instruction Fuzzy Hash: 35812731B0E91E4FEB78AB9CD4646B577D1EF49310B0601BAD44DCB2F6DD29AD828390
                                        Function 00007FFD9B8AB030 Relevance: .3, Instructions: 287COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 1b00594ba0aef4e72fcb3dfde0f23646c1aca96e9b8e0dbeb178cf61a7be7634
                                        • Instruction ID: f341427775a1354f280249b23cb751ce9557ea0990621dfd287a10b118e0837f
                                        • Opcode Fuzzy Hash: 1b00594ba0aef4e72fcb3dfde0f23646c1aca96e9b8e0dbeb178cf61a7be7634
                                        • Instruction Fuzzy Hash: DE71453170EB4E4FE3698B6898A46707BE4EF5A320B1502BED08DC71B3D929A8438751
                                        Function 00007FFD9B896985 Relevance: .3, Instructions: 272COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e493b963bfcbcdfefa53fefbb56a39f9bac818a14a7a548e7c35b292ef80a6d0
                                        • Instruction ID: 71013cc8d9c2b716bfcc70a10c76cf3cc208ff733004d1f004778ca2d4fb7a84
                                        • Opcode Fuzzy Hash: e493b963bfcbcdfefa53fefbb56a39f9bac818a14a7a548e7c35b292ef80a6d0
                                        • Instruction Fuzzy Hash: 1871F971B1DA5C8FDB69DB5CD8A55AD7BE1FF98701B04017FE48AC3261DD20A902CB81
                                        Function 00007FFD9B896988 Relevance: .3, Instructions: 269COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f24486e5b3e46a46f114dce391fc2a71b0adea34c6b46bed742001703e0f4777
                                        • Instruction ID: 3ed18b4fcbbc66af940ae767505f22f44e804a327ccb8fed2a972d7013c60e2c
                                        • Opcode Fuzzy Hash: f24486e5b3e46a46f114dce391fc2a71b0adea34c6b46bed742001703e0f4777
                                        • Instruction Fuzzy Hash: 6571E871B1DA1C8FDB69DB5CD8A55AD7BE1FF99701B04017FE48AC3261DE20A902CB81
                                        Function 00007FFD9B8A0C51 Relevance: .3, Instructions: 266COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b15b3acd7b89e7a4212c46f9aa53e0bece4baac520274b2bf088b29020c85bd4
                                        • Instruction ID: 7a6dcb33ab9b1eea17927df0212173b5ae6e816983a37b9701dddeeb8bfd9b81
                                        • Opcode Fuzzy Hash: b15b3acd7b89e7a4212c46f9aa53e0bece4baac520274b2bf088b29020c85bd4
                                        • Instruction Fuzzy Hash: E9713962F1E98D4FDBA5DB6858715A93BE2EF9D740B0901BBE08CD31E6DD186C01C391
                                        Function 00007FFD9B896998 Relevance: .3, Instructions: 257COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: a059295139ad09b6edacac8e6bae094c1592542b98360eab1851faf0394bdea3
                                        • Instruction ID: dc1967e0a8c2bff81c995d09c2e4162cbb29fa1f7417713aaf165ed19c315406
                                        • Opcode Fuzzy Hash: a059295139ad09b6edacac8e6bae094c1592542b98360eab1851faf0394bdea3
                                        • Instruction Fuzzy Hash: FB71E971A1DA5C8FDB69DB5CD8A55AC7BF1FF58700B05017EE48AD3262DE20E902CB81
                                        Function 00007FFD9B8A6A20 Relevance: .3, Instructions: 251COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 1dad8d4ad4310a82d59e1d3f847639525dd625953ed827dbf8ae8acf29ff3ab3
                                        • Instruction ID: f1441fc085bc8ed545f5ad3bf5abb2b58ae343e1a28ab68647a679842eed39d3
                                        • Opcode Fuzzy Hash: 1dad8d4ad4310a82d59e1d3f847639525dd625953ed827dbf8ae8acf29ff3ab3
                                        • Instruction Fuzzy Hash: 0C818761B0E68E4FE37597B888642B57BE1EF4A310F1641BAC08AC70E7DD1C69468361
                                        Function 00007FFD9B8A1D70 Relevance: .2, Instructions: 245COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 289d283844abee01e79df8fa5b6bda9507874e9b32abdb909523a2558cdaec6c
                                        • Instruction ID: 4952bd5664abb5ace036895083b53d14854b9f57e5004b9d762e19538e1cf676
                                        • Opcode Fuzzy Hash: 289d283844abee01e79df8fa5b6bda9507874e9b32abdb909523a2558cdaec6c
                                        • Instruction Fuzzy Hash: 64611622B1ED4D4FEBE8E75C986566823D2EF9D750B4901FAD40DC72E6DE08ED428390
                                        Function 00007FFD9B893C98 Relevance: .2, Instructions: 242COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: ea11d8c84377050ff8c14e17e7f17c434dfca1f2d27b259cd45046bb23305bae
                                        • Instruction ID: f3ce8ecb719cf7910e94bedd4606a34511ede52fbf757ca1bc43a441e8496d93
                                        • Opcode Fuzzy Hash: ea11d8c84377050ff8c14e17e7f17c434dfca1f2d27b259cd45046bb23305bae
                                        • Instruction Fuzzy Hash: B171223170AB498BD778DB6884A4AB6B7D4EF99300F11457ED04BC72A2DE28F942C781
                                        Function 00007FFD9B897250 Relevance: .2, Instructions: 234COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 41c107c96336919056c4d412b632e539a1ff90bc9459bc30e644ff6373a1b4b4
                                        • Instruction ID: 45398453038271f2ff57ed4f82ae0de9e552cebc195a79b7572a72edc507ced9
                                        • Opcode Fuzzy Hash: 41c107c96336919056c4d412b632e539a1ff90bc9459bc30e644ff6373a1b4b4
                                        • Instruction Fuzzy Hash: 6461FB22F1A94D4FEBA9DB6C98715A977D2EF9C740F05017AE44DD32E6DE246C018390
                                        Function 00007FFD9B89FF5E Relevance: .2, Instructions: 227COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e5a3d022a06f29815f92b96aa588fd7bd21ef913472df6dd68faf049a2daafa8
                                        • Instruction ID: 7763ed1e58f4e15606e1186371b0f71ff6d05d2e9688450bd7c687e18c37154e
                                        • Opcode Fuzzy Hash: e5a3d022a06f29815f92b96aa588fd7bd21ef913472df6dd68faf049a2daafa8
                                        • Instruction Fuzzy Hash: 0761E431F1994D8FDF98DB989860AEDBBA1FF5C340F0541B9D04DD72A6DE38A9428740
                                        Function 00007FFD9B8A1B6E Relevance: .2, Instructions: 223COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f71a35c624b2354e793cd1a94dccdfe3e142ededee8d7a79499b12b1583993aa
                                        • Instruction ID: 8ee9e13bc5f900789d4e07b921235514058ef867922e88abde6b216657fb40b2
                                        • Opcode Fuzzy Hash: f71a35c624b2354e793cd1a94dccdfe3e142ededee8d7a79499b12b1583993aa
                                        • Instruction Fuzzy Hash: 0561E820B1DA8D4FDB69EB6C54656B93BD1EF59340F0501ABE44AC32A3DD28A942C392
                                        Function 00007FFD9B8989F0 Relevance: .2, Instructions: 211COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 690d206b21675e9dfba8d8457e2a89b78c661309cf7fdf3578e342fe79787d88
                                        • Instruction ID: 44e52cd8457c3283f54ddd1a72844c8c1f859355cd09581b9941163c6dce9e82
                                        • Opcode Fuzzy Hash: 690d206b21675e9dfba8d8457e2a89b78c661309cf7fdf3578e342fe79787d88
                                        • Instruction Fuzzy Hash: DD512230719A0E9FDB68DB5CD894A717BE0FF98314715067DD49EC7272DA39B8828780
                                        Function 00007FFD9B8A1461 Relevance: .2, Instructions: 197COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: dcabd1e7da5633c726a5415f172fe65518d145b796ff1d60959e259b376e4f01
                                        • Instruction ID: 21896de91abc164e7a3c7304cc1f6313348bad566ce6e8968ac9b85cda44e004
                                        • Opcode Fuzzy Hash: dcabd1e7da5633c726a5415f172fe65518d145b796ff1d60959e259b376e4f01
                                        • Instruction Fuzzy Hash: CA51E62071E94D4FDBA5FB9C8864A7537D2EF9A310B1501BAD44EC72A7DD28EC42C390
                                        Function 00007FFD9B8A8EFA Relevance: .2, Instructions: 188COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8e6cf39e172aac48f98941ef9e866cb1c8044be9f5c186e947268ebd30f69526
                                        • Instruction ID: c2ed8bc66a0d8a2c6b1fcd5ef697ba5e39adf92e1ddd01606bf3c319e5190e91
                                        • Opcode Fuzzy Hash: 8e6cf39e172aac48f98941ef9e866cb1c8044be9f5c186e947268ebd30f69526
                                        • Instruction Fuzzy Hash: B8519E30A0EA4D8FDFA4DF58C8696E93BE1FF59344F0105B9E44DD32A1DA38A941CB91
                                        Function 00007FFD9B898E8D Relevance: .2, Instructions: 178COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: df083595b4cd9de0a532ed873f65acaf67647d80e5e6923b8423b1332ac60253
                                        • Instruction ID: 16c784820738d234ddb35bb31f6900fd17552899e22e65e1b339f03833d8de95
                                        • Opcode Fuzzy Hash: df083595b4cd9de0a532ed873f65acaf67647d80e5e6923b8423b1332ac60253
                                        • Instruction Fuzzy Hash: 1E51A971E1955D8FEBA5DB58D8A57ACB7B1FF58340F0001FAE00DE31A6DE3459828B40
                                        Function 00007FFD9B89C098 Relevance: .2, Instructions: 167COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 251c40cbecd0a4623bc2a900c8365b2c3686bd3df57678152eb31a589fa5185a
                                        • Instruction ID: 54a552e6761f396f9e341c57c4c92153d092dcbe9c7e3367151cc48c3aee6165
                                        • Opcode Fuzzy Hash: 251c40cbecd0a4623bc2a900c8365b2c3686bd3df57678152eb31a589fa5185a
                                        • Instruction Fuzzy Hash: 02417B2170E64D0FEB64A3ACBC595B17BD0DB8A331F1508BBD44DC31A7EC5A6C8283A1
                                        Function 00007FFD9B897731 Relevance: .2, Instructions: 159COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8ce64fab4e406468f14d949de7dcb0ef80113b7c833dd0f8204ff885524cafae
                                        • Instruction ID: e6983ef70c52260dee11f8d84f65f1fcd29dbde5922ec5f84e0868934e8f8342
                                        • Opcode Fuzzy Hash: 8ce64fab4e406468f14d949de7dcb0ef80113b7c833dd0f8204ff885524cafae
                                        • Instruction Fuzzy Hash: AE41DF56B0E6AA4FE71B626C7C764E93FA0DF4222970802F7D099CB0D3EC09544B8392
                                        Function 00007FFD9B89E5D1 Relevance: .2, Instructions: 159COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 122573b044ed27af5c6ef36e800b93e7c30ba892c0a2c1e8ef31168ade8dd38e
                                        • Instruction ID: 6a7b619a980fa763d5a03b98d12b484cb26e93075727b6e7dd7ef957af446ed5
                                        • Opcode Fuzzy Hash: 122573b044ed27af5c6ef36e800b93e7c30ba892c0a2c1e8ef31168ade8dd38e
                                        • Instruction Fuzzy Hash: 38411420B0DA4D0FEB99EB5CC829A757BD1EF99311B0541BEE44EC72E7DE18AC458341
                                        Function 00007FFD9B89B11D Relevance: .2, Instructions: 156COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: fd35fcb138a9453a6f0a82c1ebdfb5a0b92c000671229731a2c9880067a1c082
                                        • Instruction ID: cdd304209120015eb81bf100005f151181317a8e208c82dbaafbc93285bff341
                                        • Opcode Fuzzy Hash: fd35fcb138a9453a6f0a82c1ebdfb5a0b92c000671229731a2c9880067a1c082
                                        • Instruction Fuzzy Hash: C0411411B0FA8E0FEBAAA7A858647B43FD5DF5A340B0601BAE04CC71F3DC19AD424391
                                        Function 00007FFD9B89097F Relevance: .2, Instructions: 154COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9cdcce79da763064cf681dda60f21bf0eaa72c0fa2e2f5392052af5c994df9b4
                                        • Instruction ID: 1ea267f62bda397f84c24e74fb7a77cc74bc48f0e1b67a440e18a94cacb40728
                                        • Opcode Fuzzy Hash: 9cdcce79da763064cf681dda60f21bf0eaa72c0fa2e2f5392052af5c994df9b4
                                        • Instruction Fuzzy Hash: F051D771F1AA4D4FEB9DEB7884646AD7BE1EF58700B0101B9D00DC72E7DE38A9418741
                                        Function 00007FFD9B8A5F53 Relevance: .2, Instructions: 154COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 059ca289ac5b9d6f0313f57dc423dc47dfc2bddd07c21f9b0ede715bafb4ee07
                                        • Instruction ID: f703beb23691eec2fcbda84246d3115f0b5232d894e00930e3dda1104e797c06
                                        • Opcode Fuzzy Hash: 059ca289ac5b9d6f0313f57dc423dc47dfc2bddd07c21f9b0ede715bafb4ee07
                                        • Instruction Fuzzy Hash: F641E87160D7C95FDB66976888256A43FF1EF4B220F0901EBD489C72B3DA19AC46C391
                                        Function 00007FFD9B8A439A Relevance: .2, Instructions: 150COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 6c328b84a8d82b807b3e47c105dcc5719c939aa0c34d66caa1084b29e9ce123b
                                        • Instruction ID: 4edccd0e90a9b82b68ce42932821d7541e2f48bc214bf0588b1593d642ad09dc
                                        • Opcode Fuzzy Hash: 6c328b84a8d82b807b3e47c105dcc5719c939aa0c34d66caa1084b29e9ce123b
                                        • Instruction Fuzzy Hash: E841C011B0FA8D0FEBAA976844742643BE1EF9A250B1A41FBD48DCB1F3DA189D058361
                                        Function 00007FFD9B89ADA5 Relevance: .1, Instructions: 147COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 25fd10a80ed63ca50f9a9203d16182e03ca347bc3320add8186f74e13f75598d
                                        • Instruction ID: 52e029fdf20ccbb8826027bd08c311ec517ef6a74a22b62f5d2b5e02770ebdd7
                                        • Opcode Fuzzy Hash: 25fd10a80ed63ca50f9a9203d16182e03ca347bc3320add8186f74e13f75598d
                                        • Instruction Fuzzy Hash: DD31A267B0EE4E0FEFE8DA9C54A826827C2EBAC39171541BBD44DC32A5DD20EC068340
                                        Function 00007FFD9B89D210 Relevance: .1, Instructions: 146COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 860784c39378be50fc91f7b085b4162f44f6b82095521ef017a3b2ddd0db81c6
                                        • Instruction ID: f41b70492a4676918bcfc279dfedeaf768d788ce55de5455c803f2225c850226
                                        • Opcode Fuzzy Hash: 860784c39378be50fc91f7b085b4162f44f6b82095521ef017a3b2ddd0db81c6
                                        • Instruction Fuzzy Hash: 8E418F30719A4A8FEFA9EB6CC060E61BBD1EF59300B1545B9D04EC72B6DE24F945C740
                                        Function 00007FFD9B8A4DF0 Relevance: .1, Instructions: 140COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0591697feccd7ab193c35865128191b772dd461621c0cf0c88c42aae50212297
                                        • Instruction ID: 3f04a32c451ef87d7d8c7542f0513f5f227735cc37baf58e47aaf8393e7ae01a
                                        • Opcode Fuzzy Hash: 0591697feccd7ab193c35865128191b772dd461621c0cf0c88c42aae50212297
                                        • Instruction Fuzzy Hash: 2741F230B19E094FDB68D738D4A5AA5B7D1FF88310F09457DD49EC32A5DE29B942C380
                                        Function 00007FFD9B8908E7 Relevance: .1, Instructions: 126COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 1cf40833f7a7102ca539e0e4988c09d46b09212ba2c9f320089f23fdef0eec0e
                                        • Instruction ID: 5327789dd0428757ed3b272209bf8f4a789447117cf22c45006ef03b1a5a7182
                                        • Opcode Fuzzy Hash: 1cf40833f7a7102ca539e0e4988c09d46b09212ba2c9f320089f23fdef0eec0e
                                        • Instruction Fuzzy Hash: F141C671F1AA4D4FEB99EBB884396BCBAE1EF99740F0500B9D40DC72E7DD2869418341
                                        Function 00007FFD9B8A4310 Relevance: .1, Instructions: 124COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 743c92247f8544a23cfb73de3ef76f3a1524637dab64bb7caa4a49a77f2e0a4f
                                        • Instruction ID: d2f4f38667352f9c2c227bb2d8677bad3f3fd5326f2fb6de5f87947654ba85e5
                                        • Opcode Fuzzy Hash: 743c92247f8544a23cfb73de3ef76f3a1524637dab64bb7caa4a49a77f2e0a4f
                                        • Instruction Fuzzy Hash: D631E621A0EA8D4FDB66977898346B43FA0EF56250B1E41FBD489CB1F3DA089D458351
                                        Function 00007FFD9B89BA7D Relevance: .1, Instructions: 123COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e982b5ea27b8ce6b2da38d61265c1e0dc47f78e59c23214e7b52125a31ace8a2
                                        • Instruction ID: dd2c9577c64fd859efe37910a0ff47bf3e2acfc912b97f87a8b56839e112aba9
                                        • Opcode Fuzzy Hash: e982b5ea27b8ce6b2da38d61265c1e0dc47f78e59c23214e7b52125a31ace8a2
                                        • Instruction Fuzzy Hash: 3431A361B0994D8FEBA8EB5C94687683BE1EF9C350B0601F6D54DC72EADE24EC418741
                                        Function 00007FFD9B8972E0 Relevance: .1, Instructions: 122COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 47eb4d81d3980a27bcd28dcc0ddf810f646e4b45c593901e1605a4d19f3d7256
                                        • Instruction ID: 12543dc859c87ecd955c4c482bdcef8ac69a2c75606ec90a90fbdec2f231503e
                                        • Opcode Fuzzy Hash: 47eb4d81d3980a27bcd28dcc0ddf810f646e4b45c593901e1605a4d19f3d7256
                                        • Instruction Fuzzy Hash: 3731A361B0984D8FEFA8EB5CD46876837E1EF9C351B4101B6E54DC72EADE28EC418740
                                        Function 00007FFD9B8971A0 Relevance: .1, Instructions: 122COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0ef3b7273b54ab928ed8353b580e1d2d4de84ca401d7485218a24091a540fc66
                                        • Instruction ID: 315c748e4691823860917aac86716093640563d027bb67532d53c884c2233009
                                        • Opcode Fuzzy Hash: 0ef3b7273b54ab928ed8353b580e1d2d4de84ca401d7485218a24091a540fc66
                                        • Instruction Fuzzy Hash: F6313822B0A80D0FEBA8DB6C98686BC7BD1EF9D340F0502B7E45DC73A6DD6859424380
                                        Function 00007FFD9B8AED39 Relevance: .1, Instructions: 121COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8475d25056c1fb2a24acea3f002758c0d846b1ed3bb4fa79b3b84c4848c9ae04
                                        • Instruction ID: ea4e81e534ba9c8865f9a45b00a5ed05dd8745788c9b07d0a36c8f3b4d290806
                                        • Opcode Fuzzy Hash: 8475d25056c1fb2a24acea3f002758c0d846b1ed3bb4fa79b3b84c4848c9ae04
                                        • Instruction Fuzzy Hash: DE31E33160CB4D4FEB98EF5C9C659657BE1EFA9740B20016EE84DC3662DE21ED428781
                                        Function 00007FFD9B893DBD Relevance: .1, Instructions: 120COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e9219afe372fc7c982ff79d088db0650e396deea1e0afddd54e08450b47e95f8
                                        • Instruction ID: ca26e359d26ae2534ec72f44b1819b96c449131b947f706d423ed2af074ea435
                                        • Opcode Fuzzy Hash: e9219afe372fc7c982ff79d088db0650e396deea1e0afddd54e08450b47e95f8
                                        • Instruction Fuzzy Hash: F131CE70B19A0D8BDB68AB68C0A46B973E1FF9C304F62417DD05FC32A5CE25B9428794
                                        Function 00007FFD9B8AE7D1 Relevance: .1, Instructions: 119COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7b81b7541aa3925cb76a3679d40c9ff79b471be726d2ab7ef776397f4876c15d
                                        • Instruction ID: a52a803ca53726dae2c113eb4b6a0e24d23439e8bd8797d5dbeba636a6c4c32a
                                        • Opcode Fuzzy Hash: 7b81b7541aa3925cb76a3679d40c9ff79b471be726d2ab7ef776397f4876c15d
                                        • Instruction Fuzzy Hash: 59311631B0D98E4FE759D76884243B8B7A1EF98300F1541B6D00DC75E6DE2CAA4687A1
                                        Function 00007FFD9B898D10 Relevance: .1, Instructions: 117COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0650eca20ac3253e01b8a9965b799427b2e007ac09203b8dc10e9b212dbb0158
                                        • Instruction ID: 4129d13a1eb860c7835fb09bd73b251d92fa67bc0d76a5614c57fc0cd5efba6c
                                        • Opcode Fuzzy Hash: 0650eca20ac3253e01b8a9965b799427b2e007ac09203b8dc10e9b212dbb0158
                                        • Instruction Fuzzy Hash: 4521CE22B1AD0E0FEEE8E65D947877937C6EBDC3A1B15417AE80EC32A4ED15BD024340
                                        Function 00007FFD9B8AE915 Relevance: .1, Instructions: 111COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 1bde79941ad7de3fe4fd0e703fefad1fa7ae88336d44d613fd767fd60f572384
                                        • Instruction ID: 723632d3f6b47ef0073d178e74b237875a2fb4670126d1961c8b304e6effd93d
                                        • Opcode Fuzzy Hash: 1bde79941ad7de3fe4fd0e703fefad1fa7ae88336d44d613fd767fd60f572384
                                        • Instruction Fuzzy Hash: 90310621B0EA8D0FE795E7A858656B97BA1DF4A340B1A01B7D00CD76F3CD286D4583A2
                                        Function 00007FFD9B8A259B Relevance: .1, Instructions: 110COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 41304b4473e07f5110c4275d81cf5424433e0c44b13df77e3dd861f5531f9c4f
                                        • Instruction ID: 7aef1debb3340827ece8bd6638c70da38c41b1881b00586a2230fdecb3c3896c
                                        • Opcode Fuzzy Hash: 41304b4473e07f5110c4275d81cf5424433e0c44b13df77e3dd861f5531f9c4f
                                        • Instruction Fuzzy Hash: C921D712B1FA0F06E6B94AEC657527563C3DFE8B907164236C09EC32E5FD18E9431251
                                        Function 00007FFD9B8ABF91 Relevance: .1, Instructions: 106COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f730e4f9244d3a42ac20289dfb411de785a91bff2dac4f85943fe00cbb808798
                                        • Instruction ID: 8342a893183293b5ff863157815bdb63283a0183fb0bc36e85f866c20efdacef
                                        • Opcode Fuzzy Hash: f730e4f9244d3a42ac20289dfb411de785a91bff2dac4f85943fe00cbb808798
                                        • Instruction Fuzzy Hash: 2B31E47190DB8C4FDF24AB589C1A5E9BBF4EB9A310F05016FE489D3162D624A945C7C3
                                        Function 00007FFD9B89FEA9 Relevance: .1, Instructions: 106COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 309881e942658b6e3d119b39d9960e8fad634c49bc780ba089c7fdcbc50ea3d6
                                        • Instruction ID: 4bc3b8d4b597f67b5c8acd481081d9d7e0e83043fba730797e3851bf83b47eea
                                        • Opcode Fuzzy Hash: 309881e942658b6e3d119b39d9960e8fad634c49bc780ba089c7fdcbc50ea3d6
                                        • Instruction Fuzzy Hash: 9331C771A1ABCD4FDB95DF6888696693FB1EF69300B0601EAE44DC72B3DA28DC05C741
                                        Function 00007FFD9B894F20 Relevance: .1, Instructions: 104COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 94c2eefeded7c837eebf9f54725b5bb2d016c4eb2f048256c2b19cc0e01a7749
                                        • Instruction ID: 49d9f6e5d4ef2cd93c9e9863c99beb4bf8f760499044cc9a2e9f468fa726e133
                                        • Opcode Fuzzy Hash: 94c2eefeded7c837eebf9f54725b5bb2d016c4eb2f048256c2b19cc0e01a7749
                                        • Instruction Fuzzy Hash: E731F622B1DA8F0FEB79D76894755B43BE1EF9921070D41BAD04DC71A7EE18A9064301
                                        Function 00007FFD9B8A62E1 Relevance: .1, Instructions: 102COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d5c339d40d6f131acca95a1803f1b4bc627b5865aa2640d4af1102e479063b11
                                        • Instruction ID: 1efe26df3cd62e4addb97183953ecea1f6fee0656be4437889b0ae7e2f94d417
                                        • Opcode Fuzzy Hash: d5c339d40d6f131acca95a1803f1b4bc627b5865aa2640d4af1102e479063b11
                                        • Instruction Fuzzy Hash: 1F216D70B1CA0C8FDBA8EB8894656BC77E1EF9C754F05027ED04ED32A5DE24A942C745
                                        Function 00007FFD9B8A90CB Relevance: .1, Instructions: 93COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e17364f2280e253106f039c746aebcd53c3a18eb045cd94124d258d9f461427e
                                        • Instruction ID: 65d3a81fb9d26a30638cf25ebc82002dd69583f8642e6a39af5167cf7f9dc3a6
                                        • Opcode Fuzzy Hash: e17364f2280e253106f039c746aebcd53c3a18eb045cd94124d258d9f461427e
                                        • Instruction Fuzzy Hash: BF310630A0994D8FDFA4DF58C4A9AA87BE1FF5D344F0205B9E40DD72A1CA38E944CB50
                                        Function 00007FFD9B8973D9 Relevance: .1, Instructions: 90COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8d30269baea487f2c6b00b2b45efb1d5049a7aafe037ac8cb0cf1dd498de7603
                                        • Instruction ID: bff118933525937a3ffc89586bccd1392b1a3a780645bd7d3c9623371fb9cf15
                                        • Opcode Fuzzy Hash: 8d30269baea487f2c6b00b2b45efb1d5049a7aafe037ac8cb0cf1dd498de7603
                                        • Instruction Fuzzy Hash: 5C212C34A1995E8FEF98DF988455AEA7BE0FF68345F01013AE40AD31A1CB249951CB80
                                        Function 00007FFD9B896890 Relevance: .1, Instructions: 88COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: ec5168d68e163058e09e1d12d4972128110ce5a5b67a683fdec57df47edbb07a
                                        • Instruction ID: d1613d32073f7eb35cda8cc8aa1d83f08fe924a94496981c9f9e24d2f4730ebf
                                        • Opcode Fuzzy Hash: ec5168d68e163058e09e1d12d4972128110ce5a5b67a683fdec57df47edbb07a
                                        • Instruction Fuzzy Hash: F821D571609A0C8FEF78DB08D816AF937E1EB9D360F01027AE40ED3261D921BC5287D0
                                        Function 00007FFD9B895965 Relevance: .1, Instructions: 84COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 019eaaa19ceae7e685bb1e430c93d9398273b967c885a81c80f3e22c7ce1f1b2
                                        • Instruction ID: f8871ad0bbc6e27cc5b1bbddc3d7f96e81b51ca99ee0f9f2d108ed8ea353e3a0
                                        • Opcode Fuzzy Hash: 019eaaa19ceae7e685bb1e430c93d9398273b967c885a81c80f3e22c7ce1f1b2
                                        • Instruction Fuzzy Hash: 1F21F73161CB4D4BEB64E718C899A79FBE1FBA8301F10067AE44EC35A1DE24E9458782
                                        Function 00007FFD9B8945E2 Relevance: .1, Instructions: 78COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 92a62ab2b5fb34547858df4c6ac95333fd6ff17b9a00de47f9ab9e13f2cb4d1c
                                        • Instruction ID: 4b318d7b9544c55eee5a83bbc8b918063665673139fba0bf112db17e0ac7d628
                                        • Opcode Fuzzy Hash: 92a62ab2b5fb34547858df4c6ac95333fd6ff17b9a00de47f9ab9e13f2cb4d1c
                                        • Instruction Fuzzy Hash: 91213E72A0F7D95FFB2A97AC98691E87FA0EF05354B0941FBD048860A3FD1555464380
                                        Function 00007FFD9B89D4B0 Relevance: .1, Instructions: 77COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 4aa27e1c3b4807f5dd37bfd414a32685a540727c36181dfdb9258a1433bd17c5
                                        • Instruction ID: e9b87fb291e94d58ce45afe19f6a8f6bfca6206ee93fb92fb47f21391dd203d7
                                        • Opcode Fuzzy Hash: 4aa27e1c3b4807f5dd37bfd414a32685a540727c36181dfdb9258a1433bd17c5
                                        • Instruction Fuzzy Hash: E011E532B1FD4D0BEAE486AD3C6A1742AC5DB9D61571601BBE84CC32B5EC429C418345
                                        Function 00007FFD9B89B98C Relevance: .1, Instructions: 76COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 3cf8e70e75849fa3e451900f9c6635874c67c21ada02574edf3ffe3475ded6b1
                                        • Instruction ID: a79e02af58f39d45e0dd69b8298eb6c0615142300e4ed6b83e18cf87d7a80129
                                        • Opcode Fuzzy Hash: 3cf8e70e75849fa3e451900f9c6635874c67c21ada02574edf3ffe3475ded6b1
                                        • Instruction Fuzzy Hash: 8B113A66B0EA4D0FEBA6A32C84692B93FC1DF99250F0941BAD44DC71E7ED4859874342
                                        Function 00007FFD9B8AE4F9 Relevance: .1, Instructions: 74COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 21cbaa28b8aa929289ccc973c1e41df5c8532d18840a5436293459bb7ea5f295
                                        • Instruction ID: 2493e12967c67d9709966969e0d1e767f3616ecf8c45b71f7cf55923efe48560
                                        • Opcode Fuzzy Hash: 21cbaa28b8aa929289ccc973c1e41df5c8532d18840a5436293459bb7ea5f295
                                        • Instruction Fuzzy Hash: 01113D32A19A4D4FEBA0EBA868241B977E1FF8D340F45027BE45CD3192EF24DD018781
                                        Function 00007FFD9B890848 Relevance: .1, Instructions: 72COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0ec285d9fb282ae249cc46f1cfa7c70f2fb96e2c7cd3948aa8c84eac0474c3dd
                                        • Instruction ID: 0869d8b72a4d8e70677955ce2a1cb48a9c59709d9d07164dd5c306c6879a0eda
                                        • Opcode Fuzzy Hash: 0ec285d9fb282ae249cc46f1cfa7c70f2fb96e2c7cd3948aa8c84eac0474c3dd
                                        • Instruction Fuzzy Hash: 0811CA62F1E98D1FEB695BA458303A87BD1FF49740F0941BBD058D31D7DD18AD058381
                                        Function 00007FFD9B89D4AA Relevance: .1, Instructions: 71COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: ee49afeea926c0091824affd06f7694f2c82102d22bd90373ae0903fe1d67dc7
                                        • Instruction ID: 37101ac46e429f0bfafcdab56f41f6c30f81a1848720b352fc1f4a3308dfedd1
                                        • Opcode Fuzzy Hash: ee49afeea926c0091824affd06f7694f2c82102d22bd90373ae0903fe1d67dc7
                                        • Instruction Fuzzy Hash: CF11E532B1FD4D0BEBE586AD2C7613429C1EF9C60470601BBE84CC32B2ED41ED018349
                                        Function 00007FFD9B8A5DFA Relevance: .1, Instructions: 66COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0b5ce81b0683d7b6a734af9fe3c1fbf984dd5fe68c866a4013130a5d80b84cb7
                                        • Instruction ID: 27a544e9ae05c1b3e2d285b677a04f337de2d70d0ae8c95a74cda1552bb6edcc
                                        • Opcode Fuzzy Hash: 0b5ce81b0683d7b6a734af9fe3c1fbf984dd5fe68c866a4013130a5d80b84cb7
                                        • Instruction Fuzzy Hash: 63019E72B0D60C4AEB6C665878620FC73C1EB89235B00027FE14EC25E2ED1A6557418A
                                        Function 00007FFD9B8AE531 Relevance: .1, Instructions: 63COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0383f82bcc2ebbb23317f98a07d07d110929a6e37f68f83f37df6f502467d785
                                        • Instruction ID: 49146e6325be1885da4282210f72ff714066f372c027d1d682ef43ed0df69a39
                                        • Opcode Fuzzy Hash: 0383f82bcc2ebbb23317f98a07d07d110929a6e37f68f83f37df6f502467d785
                                        • Instruction Fuzzy Hash: 51016B31D1A94C1FDB6597A458291FA3BE0FF49310B050277E01CD39A3DA1C9A0287A1
                                        Function 00007FFD9B894398 Relevance: .1, Instructions: 57COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0c7fbe302a0ab03659a4e33ae5b29b1e7a9254325c0b43efc9ea6dd8c218a360
                                        • Instruction ID: 11abcdfa48e1992559cf106fd8d6dca3db2956fa446445dacd3c2276090a587f
                                        • Opcode Fuzzy Hash: 0c7fbe302a0ab03659a4e33ae5b29b1e7a9254325c0b43efc9ea6dd8c218a360
                                        • Instruction Fuzzy Hash: 0101D631B09A0E0FEBA4DB9DA854B7677D1EF9C320B51027AE94DC3266DE65EC018381
                                        Function 00007FFD9B8AEA39 Relevance: .1, Instructions: 55COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c59508d831af400cc2a99cd65f45f32f4a412df9f511e6d63e36c9b28c4d5398
                                        • Instruction ID: 4de8974baf0bea5ac71e4d9a36adb4fa637782e673e2f9916cb9e29322f9e674
                                        • Opcode Fuzzy Hash: c59508d831af400cc2a99cd65f45f32f4a412df9f511e6d63e36c9b28c4d5398
                                        • Instruction Fuzzy Hash: 8A017B30B4E1890FE31993A868216E17BD1EF8A324F1A41FBE08CC75E3D95D6D438362
                                        Function 00007FFD9B8A9ECD Relevance: .1, Instructions: 55COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: b178f717a7a27ed0adc581059f44d28b92506b682b65514a0d6f39f82d844cd3
                                        • Instruction ID: 4d467f5c0808e41783fe07da269cc1bf3fbafbfa1b8745aaf1f301fefa27b0a9
                                        • Opcode Fuzzy Hash: b178f717a7a27ed0adc581059f44d28b92506b682b65514a0d6f39f82d844cd3
                                        • Instruction Fuzzy Hash: 3BF02D21B0E5581FEB50D7A89C199767FD4DFCE264B0905B7E44CC3173D81AD6014360
                                        Function 00007FFD9B89349C Relevance: .1, Instructions: 54COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: e1b15e6f20c2242a15a6ab6cc960926d01c26c70733f5bab0690f7d43e001b57
                                        • Instruction ID: 73f309f41fd3c692238890483cefb45cacbde18efd5756bc809ae4e385597420
                                        • Opcode Fuzzy Hash: e1b15e6f20c2242a15a6ab6cc960926d01c26c70733f5bab0690f7d43e001b57
                                        • Instruction Fuzzy Hash: F7F0FF30B1D9490FE799E76C98A97B4B7D1EF98311B1900BAD40CC72E6DE1A6C828340
                                        Function 00007FFD9B89F881 Relevance: .1, Instructions: 53COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 65a92af9f70af0d5c67df03b37d5316cc3dab84cb340a50019af217e4d09f899
                                        • Instruction ID: 23c293fb797fb3ce090b1be449e15f6bc789d2e282e0d03c75b26ddeff7eb32d
                                        • Opcode Fuzzy Hash: 65a92af9f70af0d5c67df03b37d5316cc3dab84cb340a50019af217e4d09f899
                                        • Instruction Fuzzy Hash: D7F0B42271D98C0FE7A8966CAC5D9B23FD4DB6A22230602FBE448C7573E9029C468350
                                        Function 00007FFD9B89B528 Relevance: .1, Instructions: 53COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0da4564e76fc6fe96755752136512190394b9ce0d9f099008ba8ab98e56efbfb
                                        • Instruction ID: 4e354236b73ea509f8054463c4c1623bfffd8231eb440a9417a233d10b0a3004
                                        • Opcode Fuzzy Hash: 0da4564e76fc6fe96755752136512190394b9ce0d9f099008ba8ab98e56efbfb
                                        • Instruction Fuzzy Hash: BEF02222B2EE4E0FEFA8E66C602423467C1EBEC365715013BD88CC32A5DD14DD434240
                                        Function 00007FFD9B896400 Relevance: .1, Instructions: 52COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 2d3557371f8f9c21113e6c97c3a71cb8335fdf8d83e28ca389e9ca39688ad9e3
                                        • Instruction ID: 127ffe765f5072ea39bffee22bfeac4adc09119d43ff93491c6c45af38601ca7
                                        • Opcode Fuzzy Hash: 2d3557371f8f9c21113e6c97c3a71cb8335fdf8d83e28ca389e9ca39688ad9e3
                                        • Instruction Fuzzy Hash: C001D661B29D4F0FDFACEB2C9460A76B3E1FFA834074445BAD44DC3199ED24E8424781
                                        Function 00007FFD9B894F40 Relevance: .1, Instructions: 52COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 94a036173f9fd98daacf6fd9f47e0975752dca63923a9ac141904e6c8dd664f8
                                        • Instruction ID: 30a28e037b519617e2b89f0c4eee54d3042683b8ff0e7ae9be8dfeadeb9059a4
                                        • Opcode Fuzzy Hash: 94a036173f9fd98daacf6fd9f47e0975752dca63923a9ac141904e6c8dd664f8
                                        • Instruction Fuzzy Hash: 8001A221B29D0F4FDBBCE75C9460A7663D1FFD8300755857AD00DC3299EE28E9424381
                                        Function 00007FFD9B8AA111 Relevance: .0, Instructions: 49COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 47657c5a122ae0646ec07f0a92a72aaddf46c956f13d25c6b2cea5678389af41
                                        • Instruction ID: 7cf65f69b43a04b9c4d386995451e6c6ff9ffcf3432e5421af43feb2ca31b9d8
                                        • Opcode Fuzzy Hash: 47657c5a122ae0646ec07f0a92a72aaddf46c956f13d25c6b2cea5678389af41
                                        • Instruction Fuzzy Hash: 99F0C852B4FA8D2FD3A293EC68952B46FC5DB9912170941B7D05CC65A3DC094D4683A2
                                        Function 00007FFD9B89401D Relevance: .0, Instructions: 49COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 6f9e3946980fb13bc50c9b6786203366c554c281db34757e6bd2c5295d36b710
                                        • Instruction ID: 1b17c50f3eff275495f17c2e05d43c3f623c55714b34bb0b3a4ad13135884af3
                                        • Opcode Fuzzy Hash: 6f9e3946980fb13bc50c9b6786203366c554c281db34757e6bd2c5295d36b710
                                        • Instruction Fuzzy Hash: 1D018645A5F6CA6EEBB353B82C301652FA49E4B12570E01FBD0C8CA1E7E90C5D55C392
                                        Function 00007FFD9B8958FA Relevance: .0, Instructions: 48COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: f0feed91cdc65c3d2a0816cd75c0f43ba608d236a97fe95206b45951f52d9bb4
                                        • Instruction ID: 4b6a48180e041025b7a7b5ee5f796971d104fe4fe9d395b37310ba9605884ab0
                                        • Opcode Fuzzy Hash: f0feed91cdc65c3d2a0816cd75c0f43ba608d236a97fe95206b45951f52d9bb4
                                        • Instruction Fuzzy Hash: F6F04613B1EAAE1AFA75A3BC34693F91AC2CBD9275F094AFBC00DC5196D808294303D0
                                        Function 00007FFD9B8941C5 Relevance: .0, Instructions: 47COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9f05e762dd99332db4030d4937786b4824af96995d68a020daa4d6217f96c029
                                        • Instruction ID: 9aed6f7db0e20d2054caf46259cdfdc0562cfa2ad39632962ae0830bfde22a05
                                        • Opcode Fuzzy Hash: 9f05e762dd99332db4030d4937786b4824af96995d68a020daa4d6217f96c029
                                        • Instruction Fuzzy Hash: 3CF0B442F5FEDE1AEB76536C28611781B92EB9956074E02F7C448C62E7DC095D870381
                                        Function 00007FFD9B89C93D Relevance: .0, Instructions: 46COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 7c5c7c723852d2e777d41acdd54567ef5321050e30c910ebfed1688b439360b9
                                        • Instruction ID: 3a63c2bb707cb9fef64e459b332b5fd76f51257d523b86893686256488201acf
                                        • Opcode Fuzzy Hash: 7c5c7c723852d2e777d41acdd54567ef5321050e30c910ebfed1688b439360b9
                                        • Instruction Fuzzy Hash: C3F04911A1FECA0FEB69A37814782B47FD09F5A210F0600FAC4C9C31A3DD0929428341
                                        Function 00007FFD9B8972A0 Relevance: .0, Instructions: 44COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 05fb1df27ae39813f610a0985ee06cd84a1e87cf7107f569773c7c5265851196
                                        • Instruction ID: ccc636941be93966532c3535c5f6eb33449fadfef1c28252a8d4ec3a76960b5b
                                        • Opcode Fuzzy Hash: 05fb1df27ae39813f610a0985ee06cd84a1e87cf7107f569773c7c5265851196
                                        • Instruction Fuzzy Hash: 64F0E931B0980F0EE6B4B2CC94697716AD5EF5F3B0F161077E44EC21A2DC489D42C260
                                        Function 00007FFD9B89DE51 Relevance: .0, Instructions: 44COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: ba88d0d399dfcdaec822f59669350a5af97cf6b519e78adad91ad455a9e1c29b
                                        • Instruction ID: d6696a675ed614fc3b44acfdbfc3c4b8f22e68683eba902055f5b4b39a12841b
                                        • Opcode Fuzzy Hash: ba88d0d399dfcdaec822f59669350a5af97cf6b519e78adad91ad455a9e1c29b
                                        • Instruction Fuzzy Hash: 51F0E252B0FACE0FDB76937C08652A85F92DBA9154B8E06E7C09DC6197D8081D424391
                                        Function 00007FFD9B8A5D23 Relevance: .0, Instructions: 41COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 69bc478d0f5f6ec31d7dedc228e30d13cf8283c8bee1ac617064a5f2fc170855
                                        • Instruction ID: fee9fc56ae997323a5ae5b80cf481e3e261fe4f0ea80c63625a8c9b6c2c81734
                                        • Opcode Fuzzy Hash: 69bc478d0f5f6ec31d7dedc228e30d13cf8283c8bee1ac617064a5f2fc170855
                                        • Instruction Fuzzy Hash: F0F0DA71A2CB489B9F14AE4CAC434A977D0EB88B60F10116FF94943611D621B9928AC7
                                        Function 00007FFD9B8AB3FB Relevance: .0, Instructions: 40COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 13d9a244cdf6e4e3a5a230d614143684c2700194485d78256981b8577f0c1f8a
                                        • Instruction ID: f597978a10c8761fa7671aeef9e962417c7fc3a64e64ae5141c31026e39a600e
                                        • Opcode Fuzzy Hash: 13d9a244cdf6e4e3a5a230d614143684c2700194485d78256981b8577f0c1f8a
                                        • Instruction Fuzzy Hash: 18F0A7B271EA1D4FE5586B0C24121B877C6DB8D920B10406FD48FC3157DC1569070391
                                        Function 00007FFD9B8950A9 Relevance: .0, Instructions: 40COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0f63ce6de8c7ddfacbdbde98f9339ed34bc594c7307480b24125f1acf3bf04a0
                                        • Instruction ID: a3d6ff4c8b43eea80d66bfd2c588438d346e52bca4cc2fd33532e1422ae1d7cd
                                        • Opcode Fuzzy Hash: 0f63ce6de8c7ddfacbdbde98f9339ed34bc594c7307480b24125f1acf3bf04a0
                                        • Instruction Fuzzy Hash: F801AD30919BCD4FDB4ADB6888280A97FB0FF59200B0504EBD858C72A2DA7449148741
                                        Function 00007FFD9B89AAA2 Relevance: .0, Instructions: 39COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 78a3047b025af043e675a33836ce64b2a43f376fc317b7a5872c8a0bb0aaa387
                                        • Instruction ID: 0b809fa482ffaa0aa324126ae3600674526c542542fd991b342fd9a674ca410a
                                        • Opcode Fuzzy Hash: 78a3047b025af043e675a33836ce64b2a43f376fc317b7a5872c8a0bb0aaa387
                                        • Instruction Fuzzy Hash: 32F0282560E6CE1FE72A977C84645A07FF0EF4A310B0E01F6C488CB2A3D928E985C351
                                        Function 00007FFD9B893F5E Relevance: .0, Instructions: 39COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 131084c814513af8c9296818f83657244071c7d6145d328f73eb4e866b72938a
                                        • Instruction ID: 408c0e2b621e5ecbbb64280bed50aff37e997bad40169ccadf7a085ab0002a43
                                        • Opcode Fuzzy Hash: 131084c814513af8c9296818f83657244071c7d6145d328f73eb4e866b72938a
                                        • Instruction Fuzzy Hash: 6BF0F831B0882C8FDF94EB8CE485AECB7E1EB9C321B0502A6E40DD7255CA24980147C1
                                        Function 00007FFD9B8988C5 Relevance: .0, Instructions: 36COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9329e0b5c2f3c0abcb00346c58e80cddab92404a983c235f6a8e6f58e13101c2
                                        • Instruction ID: 50e838c8c7c8ba0becd2d2035564a074cae5bb8ce3adfda066a3a52508f1c71d
                                        • Opcode Fuzzy Hash: 9329e0b5c2f3c0abcb00346c58e80cddab92404a983c235f6a8e6f58e13101c2
                                        • Instruction Fuzzy Hash: 44F0902550E3CA4FD716CB6948600953FB0EEC6251F4B42FBC0C4CA0A3EA1C468A8762
                                        Function 00007FFD9B895902 Relevance: .0, Instructions: 35COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 0ff2fdadea6bbad5984ffbbce6bc5ceb83218511445fd9018a5867c4813b2038
                                        • Instruction ID: b2264e3c7bcfc3561696d5966b840b85905642ba9573afec77f64da7e0fb5ae8
                                        • Opcode Fuzzy Hash: 0ff2fdadea6bbad5984ffbbce6bc5ceb83218511445fd9018a5867c4813b2038
                                        • Instruction Fuzzy Hash: 68E0E512B0EA9E1AEA75A3BC241A3B95DC2CBDD264F590AFBD41DC6195D8081D4243C0
                                        Function 00007FFD9B897B50 Relevance: .0, Instructions: 34COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 00fe739c7545e7ca64ab5a4f4bb31759198bb3462e7ba26a8a09378b1bb44cea
                                        • Instruction ID: f564cc48f41cb4be22525f5d4267f4821c320c6240239a1a2feac50abdd123a5
                                        • Opcode Fuzzy Hash: 00fe739c7545e7ca64ab5a4f4bb31759198bb3462e7ba26a8a09378b1bb44cea
                                        • Instruction Fuzzy Hash: 49F0EC31B16D0D0BEE68A3685454BF966D1DB99310F410079D40EC3295DD5969424781
                                        Function 00007FFD9B8ACB8C Relevance: .0, Instructions: 33COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 71993f120076841d2c219dd97d43a623ab4f22115ec796fb69ed7222effbb343
                                        • Instruction ID: e03bebc1e2e13ac2f2249bff78b0fc00c05456d9c3ba6b6b79d83686013ba988
                                        • Opcode Fuzzy Hash: 71993f120076841d2c219dd97d43a623ab4f22115ec796fb69ed7222effbb343
                                        • Instruction Fuzzy Hash: 35F0393270C90D8F8F88EF58E451DEA73A0FBA832171001A6E00AC3156DA31E952CBC0
                                        Function 00007FFD9B895958 Relevance: .0, Instructions: 30COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: db4a52e2d14970ce0a5ad7e4a1f0c5205dc16af4e6d8bd32bdd1288bbd6adccb
                                        • Instruction ID: 7bbc4dddd0c78e93dd49f4c9741c771736530e2abfc145f5aac1628bf70378a5
                                        • Opcode Fuzzy Hash: db4a52e2d14970ce0a5ad7e4a1f0c5205dc16af4e6d8bd32bdd1288bbd6adccb
                                        • Instruction Fuzzy Hash: 1EE0DF22B1ED4D1FEAB8A3BC182A36948C3CBDC264F5A0AFAD41DC2199DC082D4103C0
                                        Function 00007FFD9B898875 Relevance: .0, Instructions: 27COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: ae8d85469a24fe45857699168c19bde277264e3285e1762fe4e929dd7676ad56
                                        • Instruction ID: 061af51c1c49aa97ca3853ac50bd72b2c2f3f793a1f2246ec7a713a3088c67cd
                                        • Opcode Fuzzy Hash: ae8d85469a24fe45857699168c19bde277264e3285e1762fe4e929dd7676ad56
                                        • Instruction Fuzzy Hash: 5AE0619281E7C60FE7655335485A1A83FC0BF99300F4D42FFC084CB0B3D62C828A8702
                                        Function 00007FFD9B893A70 Relevance: .0, Instructions: 26COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 1d6820586c76dccf062eca5c86fab91356e2a13b9c07c598c8b0e70790dffc52
                                        • Instruction ID: 5bc959f99749da69aeb69897bf0c1ca1cd6e99e83295de51819f2ab2068d6d8a
                                        • Opcode Fuzzy Hash: 1d6820586c76dccf062eca5c86fab91356e2a13b9c07c598c8b0e70790dffc52
                                        • Instruction Fuzzy Hash: B2E04621B0AC2D5FDEB8EB5CA46476427D1EF0D74071A04EAA48ED72A5DA10AD0883D1
                                        Function 00007FFD9B8A4631 Relevance: .0, Instructions: 26COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: d576f3d705ee07b08314465ca808fd036b9060ed48070ee8a0b89852e9bb691e
                                        • Instruction ID: 8097557eef3246f26d0aa5838187c230bcf668dcd134b64f37c5c824b86613ae
                                        • Opcode Fuzzy Hash: d576f3d705ee07b08314465ca808fd036b9060ed48070ee8a0b89852e9bb691e
                                        • Instruction Fuzzy Hash: 4CE0D83270850D4FEB28E784D4A06F43392DB89320F15423EC406C62E0DD1DEA454380
                                        Function 00007FFD9B8AE6E9 Relevance: .0, Instructions: 25COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 2b0ac5c4266e3cbad612104316fc568d7fa038eba1d1d3b6f36c36cec4d32d99
                                        • Instruction ID: d2fdf2180538419d1460ae26435e35e82b223eea41c97f6796ef518f18877cb1
                                        • Opcode Fuzzy Hash: 2b0ac5c4266e3cbad612104316fc568d7fa038eba1d1d3b6f36c36cec4d32d99
                                        • Instruction Fuzzy Hash: 8BE02011A1D7D80FE76557A81D752A47FB0DF4A210F5A00E7D018DB2E7EC4D1C494393
                                        Function 00007FFD9B893730 Relevance: .0, Instructions: 25COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 18ba18a943ee4dd1e0716ccb17947207b2c0a5ac732912e0e0b1e0b67193fad7
                                        • Instruction ID: 51e5f7228e47e2f574360478eabd39f8215448a310bc2110f06956e1c8775c51
                                        • Opcode Fuzzy Hash: 18ba18a943ee4dd1e0716ccb17947207b2c0a5ac732912e0e0b1e0b67193fad7
                                        • Instruction Fuzzy Hash: FFD05B11F1BC1E36E8F4636D382577A04D1DBCC62075A0276E80CD2299DC189D8102C1
                                        Function 00007FFD9B897700 Relevance: .0, Instructions: 24COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 1e4eb14c0c90397d5bbb78833969c5cd17300fc01b2ae699f6abf6dfc00d7703
                                        • Instruction ID: 2b2a311d71f829b48e5e5a4f6e9b3421988812f4e974a670e35d3c0032c5bd12
                                        • Opcode Fuzzy Hash: 1e4eb14c0c90397d5bbb78833969c5cd17300fc01b2ae699f6abf6dfc00d7703
                                        • Instruction Fuzzy Hash: 9EE02B24F0ED0E47EE8CA5694CB602035D1FBEC204BE50499D41CC22A1FE5ED983C301
                                        Function 00007FFD9B89E3D0 Relevance: .0, Instructions: 23COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 314bdd1a1dab0e1fe50a0c50611ed339ffb792f6bcf6bc74e062ade89bbd276a
                                        • Instruction ID: a78b7776ea8301f9d4299518ead9216e8918a0039f9d860589959ff987599846
                                        • Opcode Fuzzy Hash: 314bdd1a1dab0e1fe50a0c50611ed339ffb792f6bcf6bc74e062ade89bbd276a
                                        • Instruction Fuzzy Hash: 7BE08C14A0B90D0FED58A39889A15502E90EF1E240F8900A1E80CCB2B2E44EEA885352
                                        Function 00007FFD9B8959D8 Relevance: .0, Instructions: 23COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 6e4f7a5272dcd7f559848e978bbd48788d60d46e8b9364024bd2b6fa1ed5e732
                                        • Instruction ID: 23c16be846eebe4b07d132331973584f290497b10efe9806cac4ce9f8673b5bc
                                        • Opcode Fuzzy Hash: 6e4f7a5272dcd7f559848e978bbd48788d60d46e8b9364024bd2b6fa1ed5e732
                                        • Instruction Fuzzy Hash: CCE0C220A29A4B07FB18AB724C4507A75D1FBCC341F854B36D88CD0060EA3CC3C64252
                                        Function 00007FFD9B8959E8 Relevance: .0, Instructions: 21COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 691a2f3a06536ee3440fbcbf9ecb7c0123ed8711d37f8a065ab607ce4027d070
                                        • Instruction ID: d842dd3c6fdf12ba5d941020923d34fb1099f9808944b649e137c542f495f697
                                        • Opcode Fuzzy Hash: 691a2f3a06536ee3440fbcbf9ecb7c0123ed8711d37f8a065ab607ce4027d070
                                        • Instruction Fuzzy Hash: 1FD02E30A2E91D06EFB4B36850186F93BC0CF48310F050A37FC0EE22B0ED499A8202C9
                                        Function 00007FFD9B89DE29 Relevance: .0, Instructions: 21COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 8e65f64a81e2d823213aa90f426e21870421c236d9c7cd68317d9b6ecfccf42b
                                        • Instruction ID: e22db297023d2e01f5e8d3d6479c511ae433fa814fae783f45c92040dbe6fe5d
                                        • Opcode Fuzzy Hash: 8e65f64a81e2d823213aa90f426e21870421c236d9c7cd68317d9b6ecfccf42b
                                        • Instruction Fuzzy Hash: 33D0A7829024491EFE4521650859CF56BC6DA1425038400D56C85C7522CA0C49864310
                                        Function 00007FFD9B8904C0 Relevance: .0, Instructions: 20COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: c22d245a3d06a7635d3f287a1cb9f9c500b1ec7a8d9d66a3c700258c7a83b05a
                                        • Instruction ID: 2567e6d8a849619cb5ea0052996060ad25d4aaa39ba04a50506f384e6fbcfccb
                                        • Opcode Fuzzy Hash: c22d245a3d06a7635d3f287a1cb9f9c500b1ec7a8d9d66a3c700258c7a83b05a
                                        • Instruction Fuzzy Hash: 9CD05E10F1982D05EB7822DC28617B89081DB48214F210475D41DD35CBDC8D2D8502D2
                                        Function 00007FFD9B8962C4 Relevance: .0, Instructions: 19COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 2eeb2aecddab8f19c1e55b8b0b30809bfb17a9a55b684adf936aed013079a7ef
                                        • Instruction ID: 7b577cf546dc273c2c9e1c9ae398e00b60a2ce3d0f3ac310c8bcf0438f0f6538
                                        • Opcode Fuzzy Hash: 2eeb2aecddab8f19c1e55b8b0b30809bfb17a9a55b684adf936aed013079a7ef
                                        • Instruction Fuzzy Hash: 1DE0CD61615F4E0AE75DE71440747F666C2FB98344F4400B8D05EC31D7EE3875024350
                                        Function 00007FFD9B8A6B66 Relevance: .0, Instructions: 18COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 9b981aa5db57342b918fa7f8a433a232875e05ef903a26f08180b4f1af454b8f
                                        • Instruction ID: edabeeb86914dbbd11477d6566fcb5aff3631f46996ca2ba49d5b5c326b3c758
                                        • Opcode Fuzzy Hash: 9b981aa5db57342b918fa7f8a433a232875e05ef903a26f08180b4f1af454b8f
                                        • Instruction Fuzzy Hash: 61E012A4B1DE2E96E5345FA440213B97292FF48300F51C539D0BEC36D6CE7D76525760
                                        Function 00007FFD9B89328F Relevance: .0, Instructions: 14COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 66411b06518590d10a9bf31cfc1f47928c1ee3fe047d0a10cf3f0ad96947c277
                                        • Instruction ID: 332c81fa91de09648a4971af3bf8f4fdcecaa6e58f5d9db7d451cf5cac1451ad
                                        • Opcode Fuzzy Hash: 66411b06518590d10a9bf31cfc1f47928c1ee3fe047d0a10cf3f0ad96947c277
                                        • Instruction Fuzzy Hash: F2C08C32F0082D8F8F90EBCCA8052ECB7B0FB8C212B800133D10CE3140CB2818104790

                                        Non-executed Functions

                                        Function 00007FFD9B893DF8 Relevance: .9, Instructions: 855COMMON
                                        Download Yara Rule
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID:
                                        • API String ID:
                                        • Opcode ID: 5d1470fbf735d82553b4b767557960e3eea5275463352a9a7cef76bdeae3e2c4
                                        • Instruction ID: 2cd67bfe88cf30fe47994803adbab4d5dfe028b7590b8821eae53acbb0745cbe
                                        • Opcode Fuzzy Hash: 5d1470fbf735d82553b4b767557960e3eea5275463352a9a7cef76bdeae3e2c4
                                        • Instruction Fuzzy Hash: BB42E531B0D90D8FEBA8EB6C846567877D2EF9C300F5541BAE04DC72E6DE28AD428751
                                        Function 00007FFD9B8989F5 Relevance: 8.9, Strings: 7, Instructions: 180COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: M_^$M_^$M_^$M_^D$M_^Z$M_^]$M_^`
                                        • API String ID: 0-1665171156
                                        • Opcode ID: 6e30fe9559b8b5dab5a573a0d20bb16d9837f4b128e553751866732ee503916f
                                        • Instruction ID: 2b23a37d9c28596c1c04cb8e752b308ccee143e90c677dddad88a533f1bdfc12
                                        • Opcode Fuzzy Hash: 6e30fe9559b8b5dab5a573a0d20bb16d9837f4b128e553751866732ee503916f
                                        • Instruction Fuzzy Hash: A95128A2A0E1958BD71B57A86C794E57FD0EF5126874D02FBC0A8CB1D3F805A50B8292
                                        Function 00007FFD9B8A89FA Relevance: 8.9, Strings: 7, Instructions: 106COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: L_^5$L_^D$L_^G$L_^Z$L_^]$L_^`$L_^c
                                        • API String ID: 0-732025951
                                        • Opcode ID: f42e2bf641f94f6f6a42883260950e03aae7e713fc1e4a24581cf9c29e37f3d5
                                        • Instruction ID: 4cbf8ab933bf4515554ca71d590c46c3e500e6ddac2c5a9ab65075d6a8169109
                                        • Opcode Fuzzy Hash: f42e2bf641f94f6f6a42883260950e03aae7e713fc1e4a24581cf9c29e37f3d5
                                        • Instruction Fuzzy Hash: 8B31ABB2A0E18A5BE316A7686C545EE7FC0EF40354F4441FBC69C8B183FD30994B8261
                                        Function 00007FFD9B8A88FA Relevance: 6.3, Strings: 5, Instructions: 86COMMON
                                        Download Yara Rule
                                        Strings
                                        Memory Dump Source
                                        • Source File: 00000000.00000002.1992148432.00007FFD9B890000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD9B890000, based on PE: false
                                        Joe Sandbox IDA Plugin
                                        • Snapshot File: hcaresult_0_2_7ffd9b890000_SecuriteInfo.jbxd
                                        Similarity
                                        • API ID:
                                        • String ID: L_^$L_^$L_^ $L_^#$L_^.
                                        • API String ID: 0-3539711518
                                        • Opcode ID: 2b46ef9c09a07786f6d1108fe500351a0aa18e365cc92aa88f46c70d9a24d2f9
                                        • Instruction ID: 49f2922bf8532526f06834724dfc96ea3b0ea7d12b7c78d689385052d0a05e80
                                        • Opcode Fuzzy Hash: 2b46ef9c09a07786f6d1108fe500351a0aa18e365cc92aa88f46c70d9a24d2f9
                                        • Instruction Fuzzy Hash: 2621F4F7B042155A830A7EBC78D54DD3390EF5822830A51F6C6AC8F187EE24508E8AC6